Jared Hardy wrote:
-----Original Message-----
From: Jared Hardy [mailto:jhardy@highimpactgames.com]
Sent: Friday, April 07, 2006 3:30 PM
To: Edward Bosco
Cc: users@subversion.tigris.org
Subject: Re: HowTo for LDAP authentication combined with per-file
authorization on files / directories within a svn repository ?
I must admit I'm not using any per-directory or per-file authentication
via mod_authz_svn. I just wanted to comment that I had a lot of trouble
getting mod_auth_ldap authentication to work for my uses, with the SuSE
Linus ES 9 native OpenLDAP authentication database. What I ended up
doing is changing the pam settings in /etc/pam.d/httpd like this:
auth required pam_ldap.so
account required pam_ldap.so
After I completed that step "AuthType Basic" worked with my
Apache
2.0.49 installation. This is my apache configuration for the Subversion
share now:
<IfModule mod_dav_svn.c>
<Location /svn>
DAV svn
SVNParentPath /path/to/repos/
#SVNAutoversioning on
#Using mod_auth_pam, which is in turn using pam_ldap
AuthType Basic
AuthName "Subversion Repository"
require valid-user
require group SVNusers
</Location>
</IfModule>
I wanted to tell you this, in case your <Location> and <Files>
attempts
at webspace controls on the virtual filesystem might work more
consistently with this setup, rather than just using auth_ldap. Let me
know if you try this and succeed -- I am dreading the possibility of
needing per-directory controls at a future point in my project, and your
success would be reassuring. :)
Thanks,
Jared
Edward Bosco wrote:
> I want to control what files are downloaded to a subversion repository
> client by the user name and which group a file is associated with. All
> the various files are in a common repository. The files should be
> associated with groups of LDAP-listed users.
==
Jared -
Note that when I implemented per-file controls, and utilized the svn
command line command - svn ls ..., if a controlled file was embedded
within a directory with uncontrolled files, you got _none_ of the files
listed.
That's to say, if ebosco had permission to see all but one file in a
directory, on a svn ls ... command, I'd get no files or directories
listed.
I don't know if that's correct behaviour, or if I made a mistake.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Apr 7 22:43:02 2006