Various Access Control Questions

I have at least 3 questions related to access control. I am using
Subversion 1.0.5 through Apache 2.0.48 on Linux (David Summers' White Box
Enterprise Linux packages on CentOS). My existing configuration uses an
Active Directory for authentication and allows read-write access to any
authenticated user. This is basically what the configuration looks like:

<Location /svn>
    DAV svn
    SVNParentPath /export/subversion
    AuthLDAPURL "ldap://some-long-ldap-url"
    AuthLDAPBindDN "MY_DOMAIN\username"
    AuthLDAPBindPassword password
    AuthType Basic
    AuthName "LDAP authentication for MY_DOMAIN"
    require valid-user
</Location>

1) How do I configure anonymous read-only access and retain read-write
access for all authenticated users without having to maintain the user list
in the AuthzSVNAccessFile? I get that I need to add something like:

    AuthzSVNAccessFile /etc/svnaccess
    Satisfy Any

And I get how to grant anonymous read-only access in /etc/svnaccess:

    [/]
    * = r

And I realize I could add access back for specific users with something
like:

    [/]
    * = r
    xandy = rw

And even that I can have groups. But then I have to maintain users and
groups in /etc/svnaccess rather than leveraging what's already in Active
Directory.

2) Can the AuthzSVNAccessFile use groups defined in Active Directory, and
if so how?

3) When do changes to the AuthzSVNAccessFile take effect (e.g. immediately
on write or after Apache is restarted)?

Thanks in advance,
Xandy

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Jun 13 05:30:13 2004