Would you mind show me how to do LDAP?
I have AD(win2003)/LADP and all users have both AD & NIS account.
I am willing to give it a try to get the security in place.
Thanks again.
-Lu
-----Original Message-----
From: Lieven Govaerts [mailto:lgo@mobsol.be]
Sent: Tuesday, December 27, 2005 8:36 AM
To: Chien-Chung Lu
Cc: users@subversion.tigris.org
Subject: RE: Svn configuration help needed.
Lu,
If you handle the NIS authorization part through an apache module, the users
are automatically reused by mod_auth_svn to validate authorization.
I'm only familiar with LDAP/AD integration so I can't help you on the NIS
authorization.
Lieven.
Quoting Chien-Chung Lu <cclu@yahoo.com>:
>
> Is there a way to utilize the existing group in NIS?
> In your svnaccess.conf, are account1,account2, and account3 nis users
> or I need to create account1, account2, and account3 locally?
> Thanks you for your help.
> -Lu
>
> -----Original Message-----
> From: Lieven Govaerts [mailto:lgo@mobsol.be]
> Sent: Tuesday, December 27, 2005 2:16 AM
> To: cclu@yahoo.com
> Cc: users@subversion.tigris.org
> Subject: Re: Svn configuration help needed.
>
> Hi Lu,
>
>
> you need 'Per-Directory Access Control' for that, which can be
> achieved using the authz_svn module ( which you already include ).
>
> In httpd.conf, in your /svn Location, add:
>
> # access control policy
> AuthzSVNAccessFile /svn/config/svnaccess.conf ( change path and
> filename according to your environment )
>
> and drop the 'Require eng' line. You will be doing this in another way.
>
> Then create a new file svnaccess.conf like this:
> ------------------------------
> [groups]
> eng = account1, account2
> arch = account1, account3
> tools = account1, account3
>
> [/]
> * =
>
> [repos1:/public]
> eng = rw
>
> [repos1:/secured]
> arch = rw
>
> [repos2:/secured]
> tools = rw
> -------------------------------
>
> Disadvantage is that you have to maintain the list of users ( which
> user belongs to which group ) in the svnaccess.conf file.
>
> Check the Subversion book for a better explanation:
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn
> .serve
> rconfig.httpd.authz.perdir
>
> regards,
>
> Lieven.
>
>
>
> > -----Original Message-----
> > From: Chien-Chung Lu [mailto:cclu@yahoo.com]
> > Sent: dinsdag 27 december 2005 7:47
> > To: users@subversion.tigris.org
> > Subject: Svn configuration help needed.
> >
> > Hi, All,
> >
> > I am very new at svn and appreciate if anyone can give me some
> > pointers,
> >
> > Here is my current setup -
> > svn, version 1.2.3 (r15833) with Apache 2.0 I have setup
> > repositories as http://wwwin/svn/repos1/secured/trunk
> > http://wwwin/svn/repos1/secured/branches
> > http://wwwin/svn/repos1/secured/tags
> >
> > http://wwwin/svn/repos1/public/trunk
> > http://wwwin/svn/repos1/public/branches
> > http://wwwin/svn/repos1/public/tags
> >
> > and same on repos2
> > http://wwwin/svn/repos2
> >
> >
> > Under /etc/httpd/conf/httpd.conf, I have
> >
> > LoadModule access_module modules/mod_access.so LoadModule
> > auth_module modules/mod_auth.so LoadModule auth_anon_module
> > modules/mod_auth_anon.so LoadModule auth_dbm_module
> > modules/mod_auth_dbm.so LoadModule auth_digest_module
> > modules/mod_auth_digest.so LoadModule auth_pam_module
> > modules/mod_auth_pam.so LoadModule auth_sys_group_module
> modules/mod_auth_sys_group.so
> > LoadModule dav_svn_module /usr/lib/httpd/modules/mod_dav_svn.so
> > LoadModule authz_svn_module /usr/lib/httpd/modules/mod_authz_svn.so
> >
> > <Location /svn>
> > DAV svn
> > SVNParentPath /import/svn
> > AuthType Basic
> > AuthName "Subversion Repository"
> > Require group eng
> > </Location>
> >
> > Under nis, I have group eng, arch, tools How do I modify httpd.conf
> > so # eng group can access repos1/public, but not repos1/secured.
> > # only arch group can access repos1/secured # only tools group can
> > access repos2/secured
> >
> > How do I modify <Location /svn> to achive what I need?
> > Appreciate your help.
> > Thanks.
> > -Lu
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Dec 27 20:23:16 2005