[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Apache+svn+authorization

From: Mário Lopes <mario.lopes_at_gmail.com>
Date: 2005-10-02 21:16:55 CEST

This may be a little out of the scope of this mailing list, but is it
easy to put LDAP to check auth against unix system users/groups
(/etc/shadow and /etc/group) ? Has anyone managed to do it? Because I
wasn't successful trying to put SVN to authenticate through Apache and
PAM.

The idea is that users have its accounts on the repository server and
can access to the repository which group owner they belong to.

-- Mário

On 9/30/05, Frank Gruman <fgatwork@verizon.net> wrote:
> Greg Thomas wrote:
> > On Fri, 30 Sep 2005 00:31:19 +0200, Miquel Serra <xabeec@yahoo.es>
> > wrote:
> >
> >
> >> as I can manage the authorizations by means of ldap?
> >>
> >
> > I'm using the experimental mod_auth_ldap module that comes with Apache
> > - and despite the 'experimental' tag it works just fine once you've
> > got it build (I see it's going 'mainstream' in Apache 2.2). My
> > <Location> block looks something like ...
> >
> > <Location /svn>
> > DAV svn
> > SVNPath /home/export/svn/svn-repos
> >
> > # Which users can access the repository?
> > AuthzSVNAccessFile /home/export/svn/svn-config/access-file
> >
> > Require valid-user
> >
> > # how to get a username/password from the browser
> > AuthType Basic
> > AuthName "Subversion repository"
> >
> > # How to verify that it's the right password for that user.
> > AuthLDAPUrl [LDAPSearchURL]
> > AuthLDAPBindDN [LDAPBindDN]
> > AuthLDAPBindPassword [LDAPPassword]
> > </Location>
> >
> > You'll just need to change the three AuthLDAP* directives to meet the
> > particular structure of your own LDAP directory. The mod_auth_ldap
> > docs are quite helpful on this one, IIRC.
> >
> > HTH,
> >
> > Greg
> >
>
> I'm doing the same thing with success on my repositories as well. The
> only thing to remember is to make sure the user login is entered EXACTLY
> as Apache sees it into the AuthzSVNAcessFile. Otherwise you will run
> into problems there. You can verify how Apache reads it through your
> access log.
>
> Good luck!
> Frank
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Oct 2 21:19:10 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.