RE: AuthzSVNAccessFile and branching

Eric,

I don't have the solution for your problem, just some info that may help
you solve it.

I have the same setup like yours in terms of components and configuration,
only using different versions:

apache 2.0.54 on Suse
Subversion 1.2
Authentication against AD with mod_authz_ldap

Our LDAP configuration is identical to yours.

Our svnaccess.conf is identical to your first version.

This configuration allows us to make branches without problem.

Maybe you can post some relevant extracts of apache's error.log file?

Lieven.

-----Original Message-----
From: news [mailto:news@sea.gmane.org] On Behalf Of Eric Eickhoff
Sent: dinsdag 5 juli 2005 20:46
To: users@subversion.tigris.org
Subject: AuthzSVNAccessFile and branching

I am currently having an issue with doing a 'svn copy' command (attempting
to create a branch) and the way my access permissions are set up in the
AuthzSVNAccessFile.

I am doing LDAP authentication without a problem, and can do commits to the
repository with no problem -- it is just when doing a svn copy, I keep
getting prompted for username and password and eventually fails.

Here are the details:

Subversion 1.1.2 on RHEL v3
Authenticating against W2K Active Directory via mod_authz_ldap Apache 2.0

httpd.conf
-----------
<Location /svn>
        DAV svn
        SVNParentPath /svn
        SVNIndexXSLT "/svnindex.xsl"
        Options Indexes FollowSymLinks
        AllowOverride None
        order allow,deny
        allow from all
      AuthzLDAPMethod ldap
      AuthzLDAPServer ldap1.xyz.com:389
      AuthzLDAPBindDN "CN=subv,OU=XXX,DC=xyz, DC=com"
      AuthzLDAPBindPassword "*******"
      AuthzLDAPUserBase "ou=XXX,dc=xyz,dc=com"
      AuthzLDAPUserKey sAMAccountName
      AuthzLDAPUserScope subtree
      AuthzSVNAccessFile /opt/subversion/svn-access-file
      AuthType basic
      AuthName "Subversion Access"
      require valid-user
</Location>

svn-access-file
--------------------
[groups]
developers = user1

#to allow everyone read access
[/]

* = r

[landfill:/]
#allow all developers complete access
@developers = rw

Now, with this config, I can commit changes to the landfill repository with
no problem. However, if I try to create a branch (via svn copy), it will
fail after prompting for the username and password several times (on the
commit, it prompts once for the username/password and them performs the
commit). The apache error_log displays Access Denied entries.

If, I modify the following section of the svn-access-file as such:

[/]

* = rw

OR

[landfill:/]

* = rw

everything works without a hitch.

Based on what I have read in the manual and online, the original
configurations above should work to allow everyone read access and the
developers group read/write access (including copies). Am I way off base?

Thanks for the help!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date: 4/07/2005
 
-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
 
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org