[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Access control and LDAP

From: Guido Anzuoni <guido.anzuoni_at_kyneste.com>
Date: 2004-11-29 12:30:24 CET

I use LDAP for authentication and access control but defining groups
containing LDAP account and my cn does not contain spaces (!).
More, since group members separator in AuthzSVNAccessFile is "," you
cannot configure your authentication module to return the full DN of the
authenticated subject.
Can you check the apache log to see what subject you module returns ?

I think that your module is configure to return the full DN, so when you
John SMITH = rw
the check fails because subject doesn't match.

When you set
'cn=John SMITH, ou=US, o=my-company' = rw
cn=John SMITH, ou=US, o=my-company = rw

I think that the check fails because line parser gets first "=" as a
separator between username and access control directive.


Jean-Marc.Le_Pape@alcatel.fr wrote:
> Hello,
> I've got a problem using LDAP for authentication and access control
> (AuthzSVNAccessFile).
> My problem is that i don't manage LDAP and account are store with spaces
> in name.
> eg . cn=John SMITH, ou=US, o=my-company
> Authentication works great (with mod_authz_ldap).
> but i didn't manage to autorize write access using an access file like
> that :
> [myProject:/]
> John SMITH = rw
> I have tried
> 'cn=John SMITH, ou=US, o=my-company' = rw
> cn=John SMITH, ou=US, o=my-company = rw
> 'John SMITH' = rw
> without any success.
> Have you ever tried this ? Does it worked ?
> Thanks
> Jean-Marc

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Nov 29 12:33:25 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.