Svn & apache & mod_perl &LDAP

Yesterday somebody asked somebody something about SVN & apache
& mod_perl & LDAP and my remark on "Use that snippet spit out by
google". Unfortunately, I seem to have deleted that mail, I
can't even remember whether this was a private mail or came over
this list.

In any case, it does not seem to be off-topic, so here comes some
slightly obfuscated snippet from my /etc/apache2/conf.d/subversion.conf
(You need to modify the lines marked by !! if you want to reuse it)

#<IfModule mod_perl.c>
<Perl >
#!/usr/bin/perl

!! my $svnbase = '/data/svn/repository';

opendir(DIR, $svnbase)
  or die "Unable to open SVN repository base '$svnbase'\n";

while (my $project = readdir(DIR)) {
  next unless $project =~ /^[[:alnum:]_\-]+$/;
  $Location{"/repository/$project"} = {
    DAV => 'svn',
    SVNPath => "$svnbase/$project",

    AuthType => 'Basic',
    AuthName => "'Subversion repository for project $project'",

    AuthLDAPAuthoritative => 'on',
!! AuthLDAPURL => 'ldap://my.ldap.server/ou=whoever,dc=company,dc=country?samaccountname
?sub?(objectClass=*)',
!! AuthLDAPBindDN => 'CN=priviledgedUser,OU=Administration,DC=company,DC=country',
!! AuthLDAPBindPassword => 'priviledgedUserPassword',
    AuthLDAPGroupAttribute => 'member',
    AuthLDAPGroupAttributeIsDN => 'on',

    SSLRequireSSL => 1,

    Order => 'allow,deny',
    Allow => 'from all',
    Satisfy => 'all',
    LimitExcept => {
      'GET PROPFIND OPTIONS NAME REPORT' => {
        Require => "group cn=$project-committers,ou=svn,dc=company,dc=country ",
      }
    },
    Limit => {
      'GET PROPFIND OPTIONS NAME REPORT' => {
        Require => "group cn=$project-readers,ou=svn,dc=company,dc=country ",
      }
    },
  };
  #print "Handling project: $project\n";
}

#closedir(DIR);

</Perl>
#</IfModule>

Hope this is helpful. To run this you need LDAP groups $project-readers and
$project-committers for every project which can be manged by your favourite
LDAP administration tools.

Andre'

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Apr 29 08:52:36 2005