[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN LADP Group Authentication

From: Christian Unger <christian_unger_at_mac.com>
Date: Sun, 3 Feb 2008 12:20:47 +0100

<Location /svn/>
         DAV svn
         SVNListParentPath on
         SVNParentPath "/path/to/repositories"
         SVNAutoversioning on

         Order deny,allow
         Allow from all

         AuthType Basic
                AuthBasicProvider ldap
                AuthName "Subversion Repository"
                AuthLDAPURL ldap://ldap.company.com:389/cn=users,dc=company,dc=com?uid
                AuthLDAPGroupAttribute memberUid
                AuthLDAPGroupAttributeIsDN off
                Require ldap-group
cn=some_fancy_ldap_groupname,cn=groups,dc=company,dc=com
         AuthzSVNAccessFile "/path/to/ProjectAccessFile"
         Satisfy Any
</Location>

On Feb 2, 2008, at 7:30 AM, Ashwin Basagouda Patil wrote:

> Thanks, for the information.
>
> But,
>
> Please note that I am aware of group authentication by
> SVNAuthoriozation
> file, but my concern is authentication through the LDAP server. I
> dont want
> to add "@group" in the SVN authorization file aNY WAY.
>
> The users present in the group of the LDAP server should get the
> access if
> just mentioned the group name in the SVNAuthorization file.
>
> Thanks,
> Ashwin Patil
>
> -----Original Message-----
> From: Frank Gruman <fgatwork_at_verizon.net>
> To: Ashwin Basagouda Patil <ashwin.patil_at_robosoftin.com>
> Date: Fri, 01 Feb 2008 22:17:03 -0500
> Subject: Re: SVN LADP Group Authentication
>
>> Ashwin,
>>
>> Did you read the book on path-based authorization? Particularly,
>> groups. Perhaps this will help you?
>> http://svnbook.red-bean.com/en/1.4/svn.serverconfig.pathbasedauthz.html
>>
>> Regards,
>> Frank
>>
>> On Wed, 2008-01-30 at 20:38 +0530, Ashwin Basagouda Patil wrote:
>>> Dear All,
>>>
>>>
>>> Sorry for asking again with new subject line, but please note that I
>> never
>>> received any response from any one for this my request. Please
>>> help me
>> in
>>> this regards.
>>>
>>> Please read full mail. Please excuse me if it so long. I tried to
>> explain
>>> my configuration.
>>>
>>> We recently upgraded our SVN server to 1.4.5 and apache 2.054 also
>>> it
>> is
>>> configured for authentication to SVN by user in LDAP. It is working
>> fine
>>> for all the users.
>>>
>>> Now we are need of group authentication, I mean the users present
>>> in a
>>> group of LDAP should grant the access to SVN, if group name is
>> mentioned in
>>> the SVN_Authorization file.
>>>
>>>
>>> I have virtual hosting for the apache configuration:
>>>
>>> Apache configuration: ssl.conf file
>>>
>>>
>>>
>>>
>>>
>>> ##################### start of file
>> #######################################
>>> NameVirtualHost *:443
>>> LDAPTrustedCA /usr/local/apache2/conf/ssl/cacert.pem
>>> LDAPTrustedCAType BASE64_FILE
>>> SSLRandomSeed startup builtin
>>> SSLRandomSeed connect builtin
>>> <IfDefine SSL>
>>> Listen 443
>>> AddType application/x-x509-ca-cert .crt
>>> AddType application/x-pkcs7-crl .crl
>>> SSLPassPhraseDialog builtin
>>> SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
>>> SSLSessionCacheTimeout 300
>>> SSLMutex file:/usr/local/apache2/logs/ssl_mutex
>>> AcceptMutex flock
>>> SSLEngine on
>>> SSLCipherSuite ALL:!ADH:!
>>> EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>> SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
>>> SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key
>>> SSLCACertificateFile /usr/local/apache2/conf/ssl/cacert.pem
>>>
>>> ####################### test_at_robosoft.co.in
>> ###############################
>>>
>>> <VirtualHost *:443>
>>> ServerName test.robosoft.co.in
>>> ServerAdmin root_at_robosoftin.com
>>> DocumentRoot /Volumes/Projects/test/
>>> <Location />
>>> DAV svn
>>> SVNPath /Volumes/Projects/Subversion/Projects/test/
>>>
>>> AuthName "Robosoft Technologies Pvt Ltd"
>>> AuthType Basic
>>>
>>> AuthLDAPUrl
>> "ldaps://roboserver.robosoft.co.in/cn=users,dc=RoboServer?cn"
>>> # Auth on
>>> Require ldap-group cn=groups,dc=RoboServer?cn
>>>
>>> # Our access control policy
>>>
>>> AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/
>>> test.txt
>>> </Location>
>>> ErrorLog /Volumes/Projects/Subversion/Projects/test/error.log
>>> CustomLog /Volumes/Projects/Subversion/Projects/test/
>>> access.log
>>> common
>>> <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
>>> SSLOptions +StdEnvVars
>>> </FilesMatch>
>>> <Directory "/usr/local/apache2/cgi-bin">
>>> SSLOptions +StdEnvVars
>>> </Directory>
>>> SetEnvIf User-Agent ".*MSIE.*" \
>>> nokeepalive ssl-unclean-shutdown \
>>> downgrade-1.0 force-response-1.0
>>>
>>> </VirtualHost>
>>>
>>> </IfDefine>
>>>
>>>
>>>
>> #########################################################################
>> #
>>>
>>>
>>> Also IO have the bello configuration in my SVN_Authorization file as
>> listed
>>> bellow.
>>>
>>> Path : as mentioned in ssl.conf file
>>>
>>> AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/
>>> test.txt
>>>
>>> [/]
>>> ashwin = r
>>> name2 = r
>>> name3 = r
>>> name4 = r
>>> * =
>>>
>>> [/dir1]
>>> ashwin = rw
>>> name2 = r
>>> name3 = rw
>>> name4 = rw
>>> * =
>>>
>>> [/dir1/dir2]
>>> ashwin = rw
>>> name2 = r
>>> name3 =
>>> name4 = r
>>> * =
>>>
>>>
>>> [/dirA]
>>> ashwin = rw
>>> name2 = r
>>> name3 =
>>> name4 = r
>>>
>>> [/dirA/dirB]
>>> ashwin = rw
>>> name2 = r
>>> name3 =
>>> name4 = r
>>> * =
>>>
>>> #################END OF FILE AuthzSVNAccessFile
>> ########################
>>>
>>> Please help me how I can success to authenticate a user present in
>>> the
>> LDAP
>>> dir group and group name is mentioned in "AuthzSVNAccessFile".
>>>
>>>
>>> Thanks in Advence.
>>> Ashwin Patil
>>>
>>>
>>>
>>>
>>>
>>>
>>> -----------------------------------------------
>>> Robosoft Technologies - Come home to Technology
>>>
>>> Disclaimer: This email may contain confidential material. If you
>>> were
>> not an intended recipient, please notify the sender and delete all
>> copies. Emails to and from our network may be logged and monitored.
>> This
>> email and its attachments are scanned for virus by our scanners and
>> are
>> believed to be safe. However, no warranty is given that this email is
>> free of malicious content or virus.
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
>>> For additional commands, e-mail: users-help_at_subversion.tigris.org
>>>
>>
>
>
> -----------------------------------------------
> Robosoft Technologies - Come home to Technology
>
> Disclaimer: This email may contain confidential material. If you
> were not an intended recipient, please notify the sender and delete
> all copies. Emails to and from our network may be logged and
> monitored. This email and its attachments are scanned for virus by
> our scanners and are believed to be safe. However, no warranty is
> given that this email is free of malicious content or virus.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: users-help_at_subversion.tigris.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-02-03 12:21:16 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.