[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: "require group" & LDAP Authentication

From: Adam <techy4hire_at_yahoo.com>
Date: 2005-07-14 02:37:19 CEST

You're welcome, glad you got it to work!

--- hkatz@iscs-i.com wrote:

> Quoting Adam <techy4hire@yahoo.com>:
>
> > Here is my setup (which works):
>
> Adam,
>
> Thanks for the config. I had figured out that I had
> been foiled by quoting
> the spec after the require group and been overridden
> by specifying the
> mod_authz_svn access file as well.
>
> Henry
> >
> > # We will use OpenLDAP Authentication
> > AuthName "T3 Subversion Repositories"
> > AuthType Basic
> > AuthLDAPAuthoritative on
> > AuthLDAPEnabled on
> > AuthLDAPGroupAttributeIsDN on
> > AuthLDAPGroupAttribute memberUid
> > AuthLDAPUrl
> > ldap://localhost:389/ou=users,o=COMPANY?uid
> >
> > # Only system administrators need access here.
> > Require group cn=system-admins, ou=groups,
> o=COMPANY
> >
> > To give you an idea of what my LDAP directory
> looks
> > like (very simple), here is a group entry:
> >
> >
>
#################################################################
> > # Create the system-admins objectClass: posixGroup
> >
>
#################################################################
> > dn: cn=system-admins,ou=groups,o=COMPANY
> > objectClass: posixGroup
> > objectClass: top
> > cn: system-admins
> > gidNumber: 300
> > description: This group will have privs to access
> > system config repos.
> > memberUid: uid=FIRST.LAST,ou=users,o=COMPANY
> >
> >
> >
> > --- hkatz@iscs-i.com wrote:
> >
> >> Hello,
> >> Has anyone successfully gotten the require group
> >> directive to work against
> >> an LDAP URL using the config file setup under
> >> apache2? Something like this:
> >>
> >> AuthLDAPUrl
> >>
> >
>
"ldap://mx.foo.com:1389/dc=foo,dc=com?uid?sub?(objectCla
> >> ss=*)"
> >> AuthLDAPGroupAttributeIsDN On
> >> AuthLDAPGroupAttribute member
> >> AuthLDAPGroupAttribute uniquemember
> >> #Require valid-user
> >> Require group "cn=foo Portal
> >> AD,ou=Groups,ou=Pr,dc=foo,dc=com"
> >>
> >> When I try to connect it allows anyone access
> even
> >> those not in the group.
> >>
> >> Strace on the pid suggests that no group info is
> >> sent upon apache2 startup
> >> or upon the http request. Any successes out
> there?
> >>
> >> Thanks,
> >> Henry
> >>
> >>
> >>
> >
>
---------------------------------------------------------------------
> >> To unsubscribe, e-mail:
> >> users-unsubscribe@subversion.tigris.org
> >> For additional commands, e-mail:
> >> users-help@subversion.tigris.org
> >>
> >>
> >
> >
> > ===== START SIGNATURE =====
> > Kites rise highest against the wind -- not with
> it.
> > -- Winston Churchill
> >
> > It is better to be hated for what you are than
> loved for what you are not.
> > - Andre Gide
> >
> > If you always do what you've always done you'll
> always be where
> > you've always been.
> > -- Bill Purvis;
> > http://www.cascadehills.com/events/sermons.asp
> >
> > Blog: http://blogs.whyaskwhy.org/deoren/
> > ===== END SIGNATURE =====
> >
> >
> >
> >
> ____________________________________________________
> > Sell on Yahoo! Auctions – no fees. Bid on great
> items.
> > http://auctions.yahoo.com/
> >
>
>
>
>

===== START SIGNATURE =====
Kites rise highest against the wind -- not with it.
-- Winston Churchill

It is better to be hated for what you are than loved for what you are not.
- Andre Gide

If you always do what you've always done you'll always be where you've always been.
-- Bill Purvis;
http://www.cascadehills.com/events/sermons.asp

Blog: http://blogs.whyaskwhy.org/deoren/
===== END SIGNATURE =====

                
__________________________________
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 14 02:40:05 2005

This is an archived mail posted to the Subversion Users mailing list.