You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by sdevinen <sr...@gmail.com> on 2012/05/08 20:49:55 UTC
SVN+LDAP+APache Access issue.
Hi All,
I am new to SVN Administration. I am trying to setup access restriction per
repository.
for cm_qa repo, i need svn-eng-rw group to have read/write access,
svn-eng-readonly to have readonly access, and no access to anyone outside
these 2 groups.
Can you please help me with this issue
<Location /export/svn>
DAV svn
SVNParentPath /mnt/data/svn
SVNListParentPath on
SSLRequireSSL
AuthzLDAPAuthoritative off
AuthName "Protected area"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
Require valid-user
</Location>
<Location /export/svn/cm_client>
require ldap-group cn=svn-xxxxx,ou=Group,dc=xxxxx,dc=com
require ldap-group cn=svn-kiev,ou=Group,dc=xxxxx,dc=com
# Require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
# Require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com
</Location>
<Location /export/svn/cm_qa>
DAV svn
SVNParentPath /mnt/data/svn
SVNListParentPath on
SSLRequireSSL
AuthzLDAPAuthoritative off
AuthName "Protected area"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
<LimitExcept GET PROPFIND OPTIONS REPORT>
require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
</LimitExcept>
require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com
</Location>
Thanks in Advance
Tillu.
--
View this message in context: http://old.nabble.com/SVN%2BLDAP%2BAPache-Access-issue.-tp33763590p33763590.html
Sent from the Subversion Users mailing list archive at Nabble.com.
Re: SVN+LDAP+APache Access issue.
Posted by Jan Keirse <ja...@tvh.com>.
On Tue, May 8, 2012 at 8:49 PM, sdevinen <sr...@gmail.com> wrote:
>
>
> Hi All,
>
> I am new to SVN Administration. I am trying to setup access restriction
> per
> repository.
> for cm_qa repo, i need svn-eng-rw group to have read/write access,
> svn-eng-readonly to have readonly access, and no access to anyone outside
> these 2 groups.
>
> Can you please help me with this issue
...
> <Location /export/svn/cm_qa>
> DAV svn
> SVNParentPath /mnt/data/svn
> SVNListParentPath on
> SSLRequireSSL
> AuthzLDAPAuthoritative off
> AuthName "Protected area"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
> </LimitExcept>
> require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com
> </Location>
>
Could this fix that it? Create 2 locations:
/export/svn/cm_qa_rw and /export/svn/cm_qa_ro referring to the same
SVNParentPath but with different permissions.
--
DISCLAIMER ****
http://www.tvh.com/newen2/emaildisclaimer/default.html
"This message is delivered to all addressees subject to the conditions
set forth in the attached disclaimer, which is an integral part of this
message."
RE: SVN+LDAP+APache Access issue.
Posted by "Cooke, Mark" <ma...@siemens.com>.
> -----Original Message-----
> From: sdevinen [mailto:sriharsha.work@gmail.com]
> Sent: 08 May 2012 19:50
> To: users@subversion.apache.org
> Subject: SVN+LDAP+APache Access issue.
>
>
> Hi All,
>
> I am new to SVN Administration. I am trying to setup access
> restriction per
> repository.
> for cm_qa repo, i need svn-eng-rw group to have read/write access,
> svn-eng-readonly to have readonly access, and no access to
> anyone outside
> these 2 groups.
>
> Can you please help me with this issue
> <Location /export/svn>
> DAV svn
> SVNParentPath /mnt/data/svn
> SVNListParentPath on
> SSLRequireSSL
> AuthzLDAPAuthoritative off
> AuthName "Protected area"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
> Require valid-user
> </Location>
>
>
> <Location /export/svn/cm_client>
> require ldap-group cn=svn-xxxxx,ou=Group,dc=xxxxx,dc=com
> require ldap-group cn=svn-kiev,ou=Group,dc=xxxxx,dc=com
> # Require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
> # Require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com
>
> </Location>
>
> <Location /export/svn/cm_qa>
> DAV svn
> SVNParentPath /mnt/data/svn
> SVNListParentPath on
> SSLRequireSSL
> AuthzLDAPAuthoritative off
> AuthName "Protected area"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
> </LimitExcept>
> require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com
> </Location>
>
> Thanks in Advance
> Tillu.
As far as I know you cannot do this using vanilla apache.
Answers to similar questions (did you search the list before posting?) generally recommend using a script to poll LDAP and update your repository's path based authorisation file with the group members...
~ mark c
> --
> View this message in context:
> http://old.nabble.com/SVN%2BLDAP%2BAPache-Access-issue.-tp33763590p33763590.html
> Sent from the Subversion Users mailing list archive at Nabble.com.
>
>