[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: httpd.conf problem limiting access to lower levels

From: Rogers, Donald <Donald.Rogers_at_openpolytechnic.ac.nz>
Date: 2005-07-20 23:58:09 CEST

I have used that method previously, but we want to use LDAP, if possible. I didn't think that this method was usable with LDAP, but on experimenting I find that LDAP checks user passwords.

How do you use LDAP groups with the AuthzSVNAccessFile method?
or do we have to define groups in the AuthzSVNAccessFile rather than in LDAP?

Donald

-----Original Message-----
From: Adam [mailto:techy4hire@yahoo.com]
Sent: Wednesday, 20 July 2005 10:13 a.m.
To: Rogers, Donald
Cc: users@subversion.tigris.org
Subject: Re: httpd.conf problem limiting access to lower levels

http://svnbook.red-bean.com/en/1.1/ch06s04.html#svn-ch-6-sect-4.4.2

--- "Rogers, Donald"
<Donald.Rogers@openpolytechnic.ac.nz> wrote:

> We have four Subversion repositories on a Windows
> 2000 server. We are using Apache 2.0.54, Subversion
> 1.2.1 and LDAP authentication (Active Directory). We
> want user groups to have different access rights at
> different levels of each repository.
>
> We tried this type of set up in httpd.conf:
> ...
> <Location /subversion/xml_dev>
> AuthName "First level"
> <Limit GET PROPFIND PUT POST DELETE PROPPATCH
> MKCOL COPY MOVE LOCK UNLOCK>
> require group CN=Subversion Administrator,OU=Svn
> Groups,DC=topnz,DC=ac,DC=nz
> </Limit>
> <Limit GET PROPFIND>
> require group CN=Subversion Editors,OU=Svn
> Groups,DC=topnz,DC=ac,DC=nz
> </Limit>
> </Location>
>
> <Location /subversion/xml_dev/*/*>
> AuthName "Third level"
> <Limit GET PROPFIND PUT POST DELETE PROPPATCH
> MKCOL COPY MOVE LOCK UNLOCK>
> require group CN=Subversion Administrator,OU=Svn
> Groups,DC=topnz,DC=ac,DC=nz
> require group CN=Subversion Editors,OU=Svn
> Groups,DC=topnz,DC=ac,DC=nz
> </Limit>
> </Location>
> ...
>
> The "First level" element works okay, but the "Third
> level" element does not work, i.e. users cannot
> commit to the repository. Does it not cope with the
> asterisk notation(/subversion/xml_dev/*/* )? There
> are about 30 folders in the second level and lots
> more in the third level, so we don't want to have to
> specify them all individually. Is there some way to
> do this?
>
> Donald Rogers
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail:
> users-help@subversion.tigris.org
>
>

===== START SIGNATURE =====
Kites rise highest against the wind -- not with it.
-- Winston Churchill

It is better to be hated for what you are than loved for what you are not.
- Andre Gide

If you always do what you've always done you'll always be where you've always been.
-- Bill Purvis;
http://www.cascadehills.com/events/sermons.asp

Blog: http://blogs.whyaskwhy.org/deoren/
===== END SIGNATURE =====

                
__________________________________
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 20 23:59:48 2005

This is an archived mail posted to the Subversion Users mailing list.