You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by David CM Weber <da...@backbonesecurity.com> on 2004/05/17 18:38:19 UTC
Subversion with Active Directory for Authentication -- Strategies
Hey everyone. I searched the archives and checked w/ google, but didn't
find anything directly applicable.
I'm in the process of setting up subversion. My subversion server's
configuration is below
The subversion server will have multiple repositories hung off of it
e.g.: http://subversion_server/svn/repo1,
http://subversion_server/svn/repo2, ...
For each repository, I'd like to require different group membership
using apache's "require group" syntax (not seen below)
I'm not sure exactly how to get this to work. Would a .htaccess file in
the repository directory be sufficient?
My question (I guess) revolves mostly around which strategy would be
best. I'd almost prefer the flexibility of restricting groups to
read/write at directories within a repository, but realize that this
might be asking too much.
Any suggestions would be appreciated. Thanks!
--------------------------------------------------------
LoadModule dav_svn_module modules/mod_dav_svn.so
<Location /svn>
DAV svn
SVNParentPath /svnroot
AuthType Basic
AuthName "Please Login"
AuthLDAPURL "ldap://server1 server2/<BASE DN
HERE>?sAMAccountName?sub?(objectClass=user)"
AuthLDAPBindDN "<BIND DN HERE>"
AuthLDAPBindPassword <PASSWORD>
require valid-user
</Location>
--------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Subversion with Active Directory for Authentication -- Strategies
Posted by Daragh Fitzpatrick <Da...@UChicago.edu>.
This is regarding your Active Directory part:
I'm looking into PubCookie (pubcookie.org) as an SSO solution that
integrates with Apache - we are using TRAC as the web front-end to SVN.
[PubCookie also integrates with IIS, but I don't know how an AD bridge would
work - maybe PubCookie<->LDAP on AD?]
I'll let you know how I get on.
Cheers,
:D
--------------------------------------------------------------------
Daragh Fitzpatrick Daragh@UChicago.edu (773) 702-8976
Solutions Architect NSIT Administrative Systems
Renewal Projects and Architecture University of Chicago
--------------------------------------------------------------------
-----Original Message-----
From: David CM Weber [mailto:david.weber@backbonesecurity.com]
Sent: Monday, May 17, 2004 1:38 PM
To: users@subversion.tigris.org
Subject: Subversion with Active Directory for Authentication -- Strategies
Hey everyone. I searched the archives and checked w/ google, but didn't
find anything directly applicable.
I'm in the process of setting up subversion. My subversion server's
configuration is below
The subversion server will have multiple repositories hung off of it
e.g.: http://subversion_server/svn/repo1,
http://subversion_server/svn/repo2, ...
For each repository, I'd like to require different group membership using
apache's "require group" syntax (not seen below)
I'm not sure exactly how to get this to work. Would a .htaccess file in the
repository directory be sufficient?
My question (I guess) revolves mostly around which strategy would be best.
I'd almost prefer the flexibility of restricting groups to read/write at
directories within a repository, but realize that this might be asking too
much.
Any suggestions would be appreciated. Thanks!
--------------------------------------------------------
LoadModule dav_svn_module modules/mod_dav_svn.so
<Location /svn>
DAV svn
SVNParentPath /svnroot
AuthType Basic
AuthName "Please Login"
AuthLDAPURL "ldap://server1 server2/<BASE DN
HERE>?sAMAccountName?sub?(objectClass=user)"
AuthLDAPBindDN "<BIND DN HERE>"
AuthLDAPBindPassword <PASSWORD>
require valid-user
</Location>
--------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org