[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: AuthzSVNAccessFile and LDAP-Groups

From: Samay <getafix123_at_hotmail.com>
Date: 2004-10-04 14:33:46 CEST

> -----Original Message-----
> From: fisch [mailto:fisch_at_conne-island.de]
> Sent: Monday, October 04, 2004 11:59 AM
> To: subversion-list
> Subject: RE: AuthzSVNAccessFile and LDAP-Groups
>
>
>
> Is it possible to use PAM or System-Groups or anything else execpt a
> Users-File?
>
> bye
> fisch
>

I m not sure about your setup but this is how we are using it in our
environment

a) (Gentoo + OpenLDAP + Apache + SVN 1.1 + Samba{winbind}) + Microsoft
Active Directory(AD)
b) all user authentication and group membership/authentication is against MS
AD.
c) Winbind provides Authentication bridge and User/Group lookups against AD
d) OpenLDAP is used to store IDmap info (UID/GID mappings) for WinBind.
e) On Linux PAM is configured to use Winbind, along side the usual,
/etc/passwd etc.
f) Apache is configured to use Auth Basc (Mod_Auth_PAM) for authentication
support
g) all Access Control for Subversion is against Group names as defined in
Microsoft AD
h) it works fine for SVN using Apache/Mod_DAV as thats all we need.

This all works fine, as winbind presents LDAP Users and Groups via PAM. We
have a need for using Samba as well, hence winbind. Your mileage and
requirements may vary, however, at least above works.

yes, there still is an unsolved problem in our setup, that is to provide a
similar granular access control for WebSVN using groups defined in AD!!!

HTH,

Samay.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Oct 4 14:34:32 2004

This is an archived mail posted to the Subversion Users mailing list.