You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by sdevinen <sr...@gmail.com> on 2012/05/08 20:49:55 UTC

SVN+LDAP+APache Access issue.

Hi All,

I am new to SVN Administration. I am trying to setup access restriction per
repository.
for cm_qa repo, i need svn-eng-rw group to have read/write access,
svn-eng-readonly to have readonly access, and no access to anyone outside
these 2 groups.

Can you please help me with this issue
<Location /export/svn>
DAV svn
SVNParentPath /mnt/data/svn
SVNListParentPath on
SSLRequireSSL
AuthzLDAPAuthoritative off
AuthName "Protected area"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
Require valid-user
</Location>


<Location /export/svn/cm_client>
require ldap-group cn=svn-xxxxx,ou=Group,dc=xxxxx,dc=com
require ldap-group cn=svn-kiev,ou=Group,dc=xxxxx,dc=com
# Require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
# Require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com

</Location>

<Location /export/svn/cm_qa>
DAV svn
SVNParentPath /mnt/data/svn
SVNListParentPath on
SSLRequireSSL
AuthzLDAPAuthoritative off
AuthName "Protected area"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
<LimitExcept GET PROPFIND OPTIONS REPORT>
require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
</LimitExcept>
require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com
</Location>

Thanks in Advance
Tillu.

-- 
View this message in context: http://old.nabble.com/SVN%2BLDAP%2BAPache-Access-issue.-tp33763590p33763590.html
Sent from the Subversion Users mailing list archive at Nabble.com.

Re: SVN+LDAP+APache Access issue.

Posted by Jan Keirse <ja...@tvh.com>.

On Tue, May 8, 2012 at 8:49 PM, sdevinen <sr...@gmail.com> wrote:
>
>
> Hi All,
>
> I am new to SVN Administration. I am trying to setup access restriction
> per
> repository.
> for cm_qa repo, i need svn-eng-rw group to have read/write access,
> svn-eng-readonly to have readonly access, and no access to anyone outside
> these 2 groups.
>
> Can you please help me with this issue
...
> <Location /export/svn/cm_qa>
> DAV svn
> SVNParentPath /mnt/data/svn
> SVNListParentPath on
> SSLRequireSSL
> AuthzLDAPAuthoritative off
> AuthName "Protected area"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
> </LimitExcept>
> require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com
> </Location>
>

Could this fix that it? Create 2 locations:
/export/svn/cm_qa_rw and /export/svn/cm_qa_ro referring to the same
SVNParentPath but with different permissions.

-- 
DISCLAIMER ****

http://www.tvh.com/newen2/emaildisclaimer/default.html 

"This message is delivered to all addressees subject to the conditions
set forth in the attached disclaimer, which is an integral part of this
message."

RE: SVN+LDAP+APache Access issue.

Posted by "Cooke, Mark" <ma...@siemens.com>.

> -----Original Message-----
> From: sdevinen [mailto:sriharsha.work@gmail.com] 
> Sent: 08 May 2012 19:50
> To: users@subversion.apache.org
> Subject: SVN+LDAP+APache Access issue.
> 
> 
> Hi All,
> 
> I am new to SVN Administration. I am trying to setup access 
> restriction per
> repository.
> for cm_qa repo, i need svn-eng-rw group to have read/write access,
> svn-eng-readonly to have readonly access, and no access to 
> anyone outside
> these 2 groups.
> 
> Can you please help me with this issue
> <Location /export/svn>
> DAV svn
> SVNParentPath /mnt/data/svn
> SVNListParentPath on
> SSLRequireSSL
> AuthzLDAPAuthoritative off
> AuthName "Protected area"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
> Require valid-user
> </Location>
> 
> 
> <Location /export/svn/cm_client>
> require ldap-group cn=svn-xxxxx,ou=Group,dc=xxxxx,dc=com
> require ldap-group cn=svn-kiev,ou=Group,dc=xxxxx,dc=com
> # Require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
> # Require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com
> 
> </Location>
> 
> <Location /export/svn/cm_qa>
> DAV svn
> SVNParentPath /mnt/data/svn
> SVNListParentPath on
> SSLRequireSSL
> AuthzLDAPAuthoritative off
> AuthName "Protected area"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPUrl "ldap://ldap.xxxxx.com/ou=People,DC=xxxxx,DC=com"
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> require ldap-group cn=svn-eng-readonly,ou=Group,dc=xxxxx,dc=com
> </LimitExcept>
> require ldap-group cn=svn-eng-rw,ou=Group,dc=xxxxx,dc=com
> </Location>
> 
> Thanks in Advance
> Tillu.

As far as I know you cannot do this using vanilla apache.

Answers to similar questions (did you search the list before posting?) generally recommend using a script to poll LDAP and update your repository's path based authorisation file with the group members...

~ mark c

> -- 
> View this message in context: 
> http://old.nabble.com/SVN%2BLDAP%2BAPache-Access-issue.-tp33763590p33763590.html
> Sent from the Subversion Users mailing list archive at Nabble.com.
> 
>