You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by David CM Weber <da...@backbonesecurity.com> on 2004/05/17 18:38:19 UTC

Subversion with Active Directory for Authentication -- Strategies

Hey everyone.  I searched the archives and checked w/ google, but didn't
find anything directly applicable.

I'm in the process of setting up subversion.  My subversion server's
configuration is below

The subversion server will have multiple repositories hung off of it
e.g.: http://subversion_server/svn/repo1,
http://subversion_server/svn/repo2, ...

For each repository, I'd like to require different group membership
using apache's "require group" syntax (not seen below)

I'm not sure exactly how to get this to work.  Would a .htaccess file in
the repository directory be sufficient? 

My question (I guess) revolves mostly around which strategy would be
best.  I'd almost prefer the flexibility of restricting groups to
read/write at directories within a repository, but realize that this
might be asking too much.

Any suggestions would be appreciated.  Thanks!




--------------------------------------------------------

LoadModule dav_svn_module     modules/mod_dav_svn.so
<Location /svn>

    DAV svn
    SVNParentPath /svnroot

    AuthType Basic
    AuthName "Please Login"
    AuthLDAPURL "ldap://server1 server2/<BASE DN
HERE>?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "<BIND DN HERE>"
    AuthLDAPBindPassword <PASSWORD>
    require valid-user

</Location>
--------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

RE: Subversion with Active Directory for Authentication -- Strategies

Posted by Daragh Fitzpatrick <Da...@UChicago.edu>.

This is regarding your Active Directory part:

I'm looking into PubCookie (pubcookie.org) as an SSO solution that
integrates with Apache - we are using TRAC as the web front-end to SVN.
[PubCookie also integrates with IIS, but I don't know how an AD bridge would
work - maybe PubCookie<->LDAP on AD?]

I'll let you know how I get on. 

Cheers,

          :D

--------------------------------------------------------------------
Daragh Fitzpatrick        Daragh@UChicago.edu         (773) 702-8976

Solutions Architect                      NSIT Administrative Systems
Renewal Projects and Architecture              University of Chicago
--------------------------------------------------------------------
-----Original Message-----
From: David CM Weber [mailto:david.weber@backbonesecurity.com] 
Sent: Monday, May 17, 2004 1:38 PM
To: users@subversion.tigris.org
Subject: Subversion with Active Directory for Authentication -- Strategies

Hey everyone.  I searched the archives and checked w/ google, but didn't
find anything directly applicable.

I'm in the process of setting up subversion.  My subversion server's
configuration is below

The subversion server will have multiple repositories hung off of it
e.g.: http://subversion_server/svn/repo1,
http://subversion_server/svn/repo2, ...

For each repository, I'd like to require different group membership using
apache's "require group" syntax (not seen below)

I'm not sure exactly how to get this to work.  Would a .htaccess file in the
repository directory be sufficient? 

My question (I guess) revolves mostly around which strategy would be best.
I'd almost prefer the flexibility of restricting groups to read/write at
directories within a repository, but realize that this might be asking too
much.

Any suggestions would be appreciated.  Thanks!




--------------------------------------------------------

LoadModule dav_svn_module     modules/mod_dav_svn.so
<Location /svn>

    DAV svn
    SVNParentPath /svnroot

    AuthType Basic
    AuthName "Please Login"
    AuthLDAPURL "ldap://server1 server2/<BASE DN
HERE>?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "<BIND DN HERE>"
    AuthLDAPBindPassword <PASSWORD>
    require valid-user

</Location>
--------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org