RE: Svn configuration help needed.

From: Lieven Govaerts <lgo_at_mobsol.be>
Date: 2005-12-27 20:37:45 CET

Sure.

This is how our configuration looks like ( on a Suse 9 server + Apache
2.0.54 ):

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn>
  DAV svn
  SVNParentPath /svn/repofolder
  SVNIndexXSLT /style/svnindex.xsl

# access control policy
AuthzSVNAccessFile /svn/config/svnaccess.conf

# allow read-only access to all users in the AD server
<Limit GET PROPFIND OPTIONS REPORT>
Satisfy Any
</Limit>

Require valid-user

  # LDAP authentication
  AuthType Basic
  AuthName "Subversion Repository"
  AuthLDAPEnabled on
  AuthLDAPURL
"ldap://ldap.server.net/OU=XXXXXXXXX,dc=subdomain,dc=domain,dc=net?sAMAccoun
tName?sub?(objectClass=user)"

  AuthLDAPAuthoritative on
  AuthLDAPBindDN
"cn=LDAP_ACCOUNT,ou=Users,ou=Administration,dc=subdomain,dc=domain,dc=net"
  AuthLDAPBindPassword LDAP_PASSWORD
# AuthLDAPSearchScope subtree
# AuthLDAPSchemePrefix off
</Location>

Check http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html for more info
concerning the Auth* properties.

You need to enable the apache auth_ldap module, and have OpenLDAP installed.

Lieven.

> -----Original Message-----
> From: Chien-Chung Lu [mailto:cclu@yahoo.com]
> Sent: dinsdag 27 december 2005 20:20
> To: users@subversion.tigris.org
> Cc: 'Lieven Govaerts'
> Subject: RE: Svn configuration help needed.
>
> Would you mind show me how to do LDAP?
> I have AD(win2003)/LADP and all users have both AD & NIS account.
> I am willing to give it a try to get the security in place.
>
> Thanks again.
> -Lu
>
> -----Original Message-----
> From: Lieven Govaerts [mailto:lgo@mobsol.be]
> Sent: Tuesday, December 27, 2005 8:36 AM
> To: Chien-Chung Lu
> Cc: users@subversion.tigris.org
> Subject: RE: Svn configuration help needed.
>
> Lu,
>
> If you handle the NIS authorization part through an apache
> module, the users are automatically reused by mod_auth_svn to
> validate authorization.
>
> I'm only familiar with LDAP/AD integration so I can't help
> you on the NIS authorization.
>
> Lieven.
>
>
> Quoting Chien-Chung Lu <cclu@yahoo.com>:
>
> >
> > Is there a way to utilize the existing group in NIS?
> > In your svnaccess.conf, are account1,account2, and account3
> nis users
> > or I need to create account1, account2, and account3 locally?
> > Thanks you for your help.
> > -Lu
> >
> > -----Original Message-----
> > From: Lieven Govaerts [mailto:lgo@mobsol.be]
> > Sent: Tuesday, December 27, 2005 2:16 AM
> > To: cclu@yahoo.com
> > Cc: users@subversion.tigris.org
> > Subject: Re: Svn configuration help needed.
> >
> > Hi Lu,
> >
> >
> > you need 'Per-Directory Access Control' for that, which can be
> > achieved using the authz_svn module ( which you already include ).
> >
> > In httpd.conf, in your /svn Location, add:
> >
> > # access control policy
> > AuthzSVNAccessFile /svn/config/svnaccess.conf (
> change path and
> > filename according to your environment )
> >
> > and drop the 'Require eng' line. You will be doing this in
> another way.
> >
> > Then create a new file svnaccess.conf like this:
> > ------------------------------
> > [groups]
> > eng = account1, account2
> > arch = account1, account3
> > tools = account1, account3
> >
> > [/]
> > * =
> >
> > [repos1:/public]
> > eng = rw
> >
> > [repos1:/secured]
> > arch = rw
> >
> > [repos2:/secured]
> > tools = rw
> > -------------------------------
> >
> > Disadvantage is that you have to maintain the list of users ( which
> > user belongs to which group ) in the svnaccess.conf file.
> >
> > Check the Subversion book for a better explanation:
> >
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn
> > .serve
> > rconfig.httpd.authz.perdir
> >
> > regards,
> >
> > Lieven.
> >
> >
> >
> > > -----Original Message-----
> > > From: Chien-Chung Lu [mailto:cclu@yahoo.com]
> > > Sent: dinsdag 27 december 2005 7:47
> > > To: users@subversion.tigris.org
> > > Subject: Svn configuration help needed.
> > >
> > > Hi, All,
> > >
> > > I am very new at svn and appreciate if anyone can give me some
> > > pointers,
> > >
> > > Here is my current setup -
> > > svn, version 1.2.3 (r15833) with Apache 2.0 I have setup
> > > repositories as http://wwwin/svn/repos1/secured/trunk
> > > http://wwwin/svn/repos1/secured/branches
> > > http://wwwin/svn/repos1/secured/tags
> > >
> > > http://wwwin/svn/repos1/public/trunk
> > > http://wwwin/svn/repos1/public/branches
> > > http://wwwin/svn/repos1/public/tags
> > >
> > > and same on repos2
> > > http://wwwin/svn/repos2
> > >
> > >
> > > Under /etc/httpd/conf/httpd.conf, I have
> > >
> > > LoadModule access_module modules/mod_access.so LoadModule
> > > auth_module modules/mod_auth.so LoadModule auth_anon_module
> > > modules/mod_auth_anon.so LoadModule auth_dbm_module
> > > modules/mod_auth_dbm.so LoadModule auth_digest_module
> > > modules/mod_auth_digest.so LoadModule auth_pam_module
> > > modules/mod_auth_pam.so LoadModule auth_sys_group_module
> > modules/mod_auth_sys_group.so
> > > LoadModule dav_svn_module
> /usr/lib/httpd/modules/mod_dav_svn.so
> > > LoadModule authz_svn_module
> /usr/lib/httpd/modules/mod_authz_svn.so
> > >
> > > <Location /svn>
> > > DAV svn
> > > SVNParentPath /import/svn
> > > AuthType Basic
> > > AuthName "Subversion Repository"
> > > Require group eng
> > > </Location>
> > >
> > > Under nis, I have group eng, arch, tools How do I modify
> httpd.conf
> > > so # eng group can access repos1/public, but not repos1/secured.
> > > # only arch group can access repos1/secured # only tools
> group can
> > > access repos2/secured
> > >
> > > How do I modify <Location /svn> to achive what I need?
> > > Appreciate your help.
> > > Thanks.
> > > -Lu
> >
> >
> > ----------------------------------------------------------------
> > This message was sent using IMP, the Internet Messaging Program.
> >
> >
> >
>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.371 / Virus Database: 267.14.7/214 - Release
> Date: 23/12/2005
>
>

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.7/214 - Release Date: 23/12/2005
 
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Tue Dec 27 20:44:13 2005

This message: [ Message body ]
Next message: Lieven Govaerts: "RE: Making tags read-only"
Previous message: Andy Levy: "Making tags read-only"
In reply to: Chien-Chung Lu: "RE: Svn configuration help needed."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]