-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Guido Anzuoni wrote:
|>I am not sure I have fully understood your problem (a little
|>example may help).
|>Anyway, I will explain may conf hoping it would somehow be useful.
You are right the explanation was somewhat short, sorry.
This is what I'm using:
<Location /svn/repos1>
# configuration of LDAP module
Include subversion/authenticate.conf
...
SVNPath /home/subversion/repos1
require group cn=project1,ou=groups,dc=sma,dc=com
require group cn=managers,ou=groups,dc=sma,dc=com
AuthzSVNAccessFile subversion/acl/auth-repos1.conf
...
</Location>
<Location /svn/repos2>
# configuration of LDAP module
Include subversion/authenticate.conf
...
SVNPath /home/subversion/repos2
require group cn=project2,ou=groups,dc=sma,dc=com
AuthzSVNAccessFile subversion/acl/auth-repos2.conf
...
</Location>
Since there are 2 different (disjunct) require statements it's
impossible to centrally define SVNParentPath.
It would be possible if Apache 2 allowed nested <Location> directives:
<Location /svn>
<Location repos1> ### -> effective "location" = /svn/repos1
</Location>
</Location>
Anyways it's more a theoretical question since I want to lock down
access to different Locations to different groups (by LDAP). Once
members of these groups are granted access, authorization is managed by
the access control (AuthzSVNAccessFile).
I see so far:
Pros: ACLs are more simple, since a * = r has only affect on the
(previouisly) authenticated group of users (require group)
Cons: Configuration of repositories is more complex. Can't add new
repositories during runtime - have to restart Apache (or re-read
configuration)
So far it's not a tragedy but if someone recommends a more elegant way
to accomplish the same, please let me know.
Reinhard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBPfbhkeAWQwM7gdsRAo6oAJwPUFKhDKKfcIT6TX9zB+RRY/gb9ACguS+a
Fp1TWZh1vT5yW2JAK3SBNMo=
=bxIY
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Sep 7 19:59:33 2004