No, I think he means using some method split AuthzSVNAccessFile,
e.g. repos1 has access file repos1_auth.conf
repos2 has access file repos2_auth.conf
....
and repos1 , repos2, ..., etc. has same SVNParentPath
Another question, can I let apache2 list these repositories('/svnldap') ?
I quite interest the solve answer.
Dongsheng Song
----- Original Message -----
From: "Guido Anzuoni" <guido.anzuoni@kyneste.com>
To: "Brandstädter Reinhard" <Reinhard.Brandstaedter@ams-engineering.com>;
<users@subversion.tigris.org>
Sent: Tuesday, September 07, 2004 11:13 PM
Subject: R: SVNParentPath and per Repository Permissions
I am not sure I have fully understood your problem (a little example may
help).
Anyway, I will explain may conf hoping it would somehow be useful.
I have configured apache to serve svn repository with ldap authentication as
follows
(using ldap module bundled with apache):
<Location /svnldap>
DAV svn
SVNParentPath E:/SVNROOT/repositories
AuthzSVNAccessFile E:/SVNROOT/config/security/svn-http-authz.txt
AuthType Basic
AuthName "Subversion"
AuthLDAPEnabled on
AuthLDAPRemoteUserIsDN off
AuthLDAPUrl .....
AuthLDAPBindDN .....
AuthLDAPBindPassword ...
Deny from all
Require valid-user
Satisfy all
</Location>
In AuthzSVNAccessFile I have something like:
[groups]
admin = <members of global admin group>
repos1-team = <members of repos1 project team>
[/]
* = r
@admin = rw
[repos1:/]
@repos1-team = rw
......
If you want to have read access control too, you could do something like:
[groups]
admin = <members of global admin group>
repos1-team = <repos1 project team>
repos1-admin-team = <repos1 project admins>
[/]
* =
@admin = rw
[repos1:/]
@repos1-team = r
@repos1-admin-team = rw
......
Guido
> -----Messaggio originale-----
> Da: Brandstädter Reinhard
> [mailto:Reinhard.Brandstaedter@ams-engineering.com]
> Inviato: martedì 7 settembre 2004 16.48
> A: Guido Anzuoni
> Oggetto: AW: SVNParentPath and per Repository Permissions
>
>
> Oh I've read the acl section in the book, and maybe I was too
> less precise.
> I guess since I already limit the authentication via ldap via
> a "require group" directive there is no other way using the
> SVNParentPath.
> (I don't want to find a general "require group" wich is valid
> for all repositories, but want to keep the group of users who
> can access a repository (authentication process) to a minimum.
>
> Reinhard
>
> > -----Ursprüngliche Nachricht-----
> > Von: Guido Anzuoni [mailto:guido.anzuoni@kyneste.com]
> > Gesendet: Dienstag, 07. September 2004 09:24
> > An: Brandstädter Reinhard; users@subversion.tigris.org
> > Betreff: R: SVNParentPath and per Repository Permissions
> >
> >
> > You can use per-directory access control as documented in
> > http://svnbook.red-bean.com/svnbook/ch06s04.html#svn-ch-6-sect-4.4.2
> >
> > The only caution is to configure ldap authentication to not
> > to use full DN for
> > the authenticated principal otherwise you run into troubles
> > defining groups in subversion authorization conf (btw, an
> > escaping mechanism for group member separators would help).
> >
> > Guido.
> >
> >
> > -----Messaggio originale-----
> > Da: Brandstädter Reinhard
> > [mailto:Reinhard.Brandstaedter@ams-engineering.com]
> > Inviato: martedì 7 settembre 2004 8.46
> > A: users@subversion.tigris.org
> > Oggetto: SVNParentPath and per Repository Permissions
> >
> >
> > Hi,
> >
> > I'm just browsing through the Subversion paperback book
> > (great job, by the way!), and playing around with my apache
> > configuration. The SNVParentPath is a pretty handy directive,
> > but how would this work if you want to set different
> > permissions per repository? I'm planning to use LDAP
> > authentication against MS Active directory with the excellent
> > mod_auth_ldap module by Muhammad A Muquit
> > http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_l
> dap_apache2.html
>
> At the moment I only see the solution by using one <Location>
> directive per repository and also set permissions per
> <Location> directive. Am I wrong, or is there a way to use
> the convenience of ParentPath and per-repos permissions?
>
> Thanks,
> Reinhard
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Sep 8 03:41:05 2004