[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

AuthzSVNAccessFile and branching

From: Eric Eickhoff <ejeickhoff_at_sigma-micro.com>
Date: 2005-07-05 20:46:12 CEST

I am currently having an issue with doing a 'svn copy' command (attempting
to create a branch) and the way my access permissions are set up in the
AuthzSVNAccessFile.

I am doing LDAP authentication without a problem, and can do commits to the
repository with no problem -- it is just when doing a svn copy, I keep
getting prompted for username and password and eventually fails.

Here are the details:

Subversion 1.1.2 on RHEL v3
Authenticating against W2K Active Directory via mod_authz_ldap
Apache 2.0

httpd.conf
-----------
<Location /svn>
        DAV svn
        SVNParentPath /svn
        SVNIndexXSLT "/svnindex.xsl"
        Options Indexes FollowSymLinks
        AllowOverride None
        order allow,deny
        allow from all
      AuthzLDAPMethod ldap
      AuthzLDAPServer ldap1.xyz.com:389
      AuthzLDAPBindDN "CN=subv,OU=XXX,DC=xyz, DC=com"
      AuthzLDAPBindPassword "*******"
      AuthzLDAPUserBase "ou=XXX,dc=xyz,dc=com"
      AuthzLDAPUserKey sAMAccountName
      AuthzLDAPUserScope subtree
      AuthzSVNAccessFile /opt/subversion/svn-access-file
      AuthType basic
      AuthName "Subversion Access"
      require valid-user
</Location>

svn-access-file
--------------------
[groups]
developers = user1

#to allow everyone read access
[/]

* = r

[landfill:/]
#allow all developers complete access
@developers = rw

Now, with this config, I can commit changes to the landfill repository with
no problem. However, if I try to create a branch (via svn copy), it will
fail after prompting for the username and password several times (on the
commit, it prompts once for the username/password and them performs the
commit). The apache error_log displays Access Denied entries.

If, I modify the following section of the svn-access-file as such:

[/]

* = rw

OR

[landfill:/]

* = rw

everything works without a hitch.

Based on what I have read in the manual and online, the original
configurations above should work to allow everyone read access and the
developers group read/write access (including copies). Am I way off base?

Thanks for the help!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 5 20:52:20 2005

This is an archived mail posted to the Subversion Users mailing list.