AuthLDAP + AuthzSVNAccessFile

From: Manuel Vacelet <manuel.vacelet_at_gmail.com>
Date: 2007-07-17 10:19:20 CEST

Hello,

I'm trying to set up LDAP authentication of users on my server with
AuthLDAP (auth_ldap_module). It works great but it seems
AuthzSVNAccessFile by pass the restrictions set with "Require user"
directive.

Actually I want to restrict the read possibility of the subversion
repositories to a list of people (thanks to "Require user") and let
the possibility to each repository to define its own rules (thanks to
"AuthzSVNAccessFile"). But as soon as there is a '* = r' in the
AuthzSVNAccessFile, the "Require user" is no longer taken in account
(each repository can restrict access to its data but cannot "expose"
it more). Note: it doesn't work even if I force "statisfy all".

Here is my <Location> for one repository:

<Location /svnroot/code>
    DAV svn
    SVNPath /var/lib/svnroot/code
    AuthType Basic
    AuthName "Subversion Authorization"

    AuthLDAPUrl ldap://localhost:389/ou=people,dc=example,dc=com
    AuthLDAPBindDN "ou=people,dc=example,dc=com"
    require user "manuel"
    AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile
</Location>

I there a way to force "Require" to apply ?

-- Manuel

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 17 10:18:47 2007

This message: [ Message body ]
Next message: Rodrigo Araujo: "Re: upgrade from 1.4.3 to 1.4.4"
Previous message: Donal Mc Namee: "RE: Re: Server configuration management with svn question"
Next in thread: Manuel Vacelet: "Re: AuthLDAP + AuthzSVNAccessFile"
Reply: Manuel Vacelet: "Re: AuthLDAP + AuthzSVNAccessFile"
Reply: ossi petz: "Re: AuthLDAP + AuthzSVNAccessFile"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]