Hey, folks. I'm dropping a last-minute addition into the svnbook to
describe the new 'aliases' authz-file feature. Can someone read over this
and sanity-check it? Thanks.
------------------------------------------------------------------------
Subversion 1.5 brings another useful feature to the access file syntax:
username aliases. Some authentication systems expect and carry relatively
short usernames of the sorts we've been describing here—harry, sally, joe,
etc. But other systems may carry much more complex usernames. For example,
Harry's username in an LDAP-protected system might be /O=Red
Bean/OU=Engineers/DC=com/DC=red-bean/CN=Harold Hacker. With usernames like
that, the access file can become quite bloated with complex username strings
that are easy to mistype. Fortunately, username aliases allow you to only
have to type the correct complex username once, in a statement which assigns
to it a more easily digestable alias.
[aliases]
harry = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Harold Hacker
sally = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Sally Swatterbug
joe = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Gerald I. Joseph
…
Once you've defined a set of aliases, you can refer to the users elsewhere
in the access file via their aliases in all the same places you could have
instead used their actual usernames. Simply prepend an ampersand to the
alias to distinguish it from a regular username:
[groups]
calc-developers = &harry, &sally, &joe
paint-developers = &frank, &sally, &jane
everyone = @calc-developers, @paint-developers
You might also choose to use aliases if your users' usernames change
frequently. Doing so allows you to need to update only the aliases table
when these username changes occur, instead of doing
global-search-and-replace operations on the whole access file.
--
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on 2008-06-30 20:08:45 CEST