[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: httpd.conf problem limiting access to lower levels

From: Adam <techy4hire_at_yahoo.com>
Date: 2005-07-21 03:31:04 CEST

I am not sure if there is a better way, but I create
the groups in LDAP and also in AuthzSVNAccessFile.

The group members are authenticated by Apache config
directives and per directory access is enforced by
specifying groups of users in AuthzSVNAccessFile.

If there is a better way I am all ears. :)

Not part of the topic, but I have to say "Thanks for
such a great book!" to the authors for the great job
they continue to do.

--- "Rogers, Donald"
<Donald.Rogers@openpolytechnic.ac.nz> wrote:

> I have used that method previously, but we want to
> use LDAP, if possible. I didn't think that this
> method was usable with LDAP, but on experimenting I
> find that LDAP checks user passwords.
>
> How do you use LDAP groups with the
> AuthzSVNAccessFile method?
> or do we have to define groups in the
> AuthzSVNAccessFile rather than in LDAP?
>
> Donald
>
> -----Original Message-----
> From: Adam [mailto:techy4hire@yahoo.com]
> Sent: Wednesday, 20 July 2005 10:13 a.m.
> To: Rogers, Donald
> Cc: users@subversion.tigris.org
> Subject: Re: httpd.conf problem limiting access to
> lower levels
>
>
>
http://svnbook.red-bean.com/en/1.1/ch06s04.html#svn-ch-6-sect-4.4.2
>
> --- "Rogers, Donald"
> <Donald.Rogers@openpolytechnic.ac.nz> wrote:
>
> > We have four Subversion repositories on a Windows
> > 2000 server. We are using Apache 2.0.54,
> Subversion
> > 1.2.1 and LDAP authentication (Active Directory).
> We
> > want user groups to have different access rights
> at
> > different levels of each repository.
> >
> > We tried this type of set up in httpd.conf:
> > ...
> > <Location /subversion/xml_dev>
> > AuthName "First level"
> > <Limit GET PROPFIND PUT POST DELETE PROPPATCH
> > MKCOL COPY MOVE LOCK UNLOCK>
> > require group CN=Subversion
> Administrator,OU=Svn
> > Groups,DC=topnz,DC=ac,DC=nz
> > </Limit>
> > <Limit GET PROPFIND>
> > require group CN=Subversion Editors,OU=Svn
> > Groups,DC=topnz,DC=ac,DC=nz
> > </Limit>
> > </Location>
> >
> > <Location /subversion/xml_dev/*/*>
> > AuthName "Third level"
> > <Limit GET PROPFIND PUT POST DELETE PROPPATCH
> > MKCOL COPY MOVE LOCK UNLOCK>
> > require group CN=Subversion
> Administrator,OU=Svn
> > Groups,DC=topnz,DC=ac,DC=nz
> > require group CN=Subversion Editors,OU=Svn
> > Groups,DC=topnz,DC=ac,DC=nz
> > </Limit>
> > </Location>
> > ...
> >
> > The "First level" element works okay, but the
> "Third
> > level" element does not work, i.e. users cannot
> > commit to the repository. Does it not cope with
> the
> > asterisk notation(/subversion/xml_dev/*/* )? There
> > are about 30 folders in the second level and lots
> > more in the third level, so we don't want to have
> to
> > specify them all individually. Is there some way
> to
> > do this?
> >
> > Donald Rogers
> >
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail:
> > users-help@subversion.tigris.org
> >
> >
>
>
> ===== START SIGNATURE =====
> Kites rise highest against the wind -- not with it.
> -- Winston Churchill
>
> It is better to be hated for what you are than loved
> for what you are not.
> - Andre Gide
>
> If you always do what you've always done you'll
> always be where you've always been.
> -- Bill Purvis;
> http://www.cascadehills.com/events/sermons.asp
>
> Blog: http://blogs.whyaskwhy.org/deoren/
> ===== END SIGNATURE =====
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Mail - Find what you need with new enhanced
> search.
> http://info.mail.yahoo.com/mail_250
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail:
> users-help@subversion.tigris.org
>
>

===== START SIGNATURE =====
Kites rise highest against the wind -- not with it.
-- Winston Churchill

It is better to be hated for what you are than loved for what you are not.
- Andre Gide

If you always do what you've always done you'll always be where you've always been.
-- Bill Purvis;
http://www.cascadehills.com/events/sermons.asp

Blog: http://blogs.whyaskwhy.org/deoren/
===== END SIGNATURE =====

                
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 21 03:32:34 2005

This is an archived mail posted to the Subversion Users mailing list.