
RE: HowTo for LDAP authentication combined with per-file authorization on files / directories within a svn repository ?

From: Edward Bosco <ebosco_at_prologic-inc.com>
Date: 2006-04-07 22:39:41 CEST

Jared Hardy wrote:
-----Original Message-----
From: Jared Hardy [mailto:jhardy@highimpactgames.com]
Sent: Friday, April 07, 2006 3:30 PM
To: Edward Bosco
Cc: users@subversion.tigris.org
Subject: Re: HowTo for LDAP authentication combined with per-file
authorization on files / directories within a svn repository ?

I must admit I'm not using any per-directory or per-file authentication
via mod_authz_svn. I just wanted to comment that I had a lot of trouble
getting mod_auth_ldap authentication to work for my uses, with the SuSE
Linux ES 9 native OpenLDAP authentication database. What I ended up
doing is changing the pam settings in /etc/pam.d/httpd like this:

auth required pam_ldap.so
account required pam_ldap.so

        After I completed that step "AuthType Basic" worked with my Apache
2.0.49 installation. This is my apache configuration for the Subversion
share now:

<IfModule mod_dav_svn.c>

<Location /svn>
DAV svn
SVNParentPath /path/to/repos/
#SVNAutoversioning on
#Using mod_auth_pam, which is in turn using pam_ldap
AuthType Basic
AuthName "Subversion Repository"
require valid-user
require group SVNusers
</Location>

</IfModule>

        I wanted to tell you this, in case your <Location> and <Files>
attempts at webspace controls on the virtual filesystem might work more
consistently with this setup, rather than just using auth_ldap. Let me
know if you try this and succeed -- I am dreading the possibility of
needing per-directory controls at a future point in my project, and your
success would be reassuring. :)

        Thanks,
        Jared

Edward Bosco wrote:
> I want to control what files are downloaded to a subversion repository
> client by the user name and which group a file is associated with. All
> the various files are in a common repository. The files should be
> associated with groups of LDAP-listed users.

==

Jared -

Note that when I implemented per-file controls, and utilized the svn
command line command - svn ls ..., if a controlled file was embedded
within a directory with uncontrolled files, you got _none_ of the files
listed.

That's to say, if ebosco had permission to see all but one file in a
directory, on a svn ls ... command, I'd get no files or directories
listed.

I don't know if that's correct behaviour, or if I made a mistake.

Received on Fri Apr 7 22:43:02 2006
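
An added example, not part of the original thread or of Subversion's own code: a check over a mod_authz_svn-style access file that reports directories a user can read but that contain a path the same user is denied, which is the layout Edward describes before running `svn ls`. The file contents, group names and paths are constructed, and the resolution rule (the nearest section with an entry matching the user decides, and any matching entry containing `r` grants read) is an assumption of this example.

```python
import configparser

# Constructed access file (not from the thread), single-repository path syntax.
SAMPLE_AUTHZ = """
[groups]
svnusers = ebosco, jhardy
leads = jhardy

[/]
@svnusers = r

[/project]
@svnusers = rw

[/project/salaries.txt]
@svnusers =
@leads = r
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    groups = {g: {u.strip() for u in m.split(",")} for g, m in cp["groups"].items()}
    rules = {s: dict(cp[s]) for s in cp.sections() if s != "groups"}
    return groups, rules

def can_read(user, path, groups, rules):
    """Assumed resolution: the nearest section with a matching entry decides."""
    while True:
        hits = [rights for who, rights in rules.get(path, {}).items()
                if who in ("*", user)
                or (who.startswith("@") and user in groups.get(who[1:], ()))]
        if hits:
            return any("r" in h for h in hits)
        if path == "/":
            return False  # no rule anywhere on the way up: deny
        path = path.rsplit("/", 1)[0] or "/"

def mixed_dirs(user, groups, rules):
    """(readable parent, denied child) pairs among paths that carry a rule."""
    out = []
    for path in sorted(rules):
        parent = path.rsplit("/", 1)[0] or "/"
        if path != "/" and can_read(user, parent, groups, rules) \
                and not can_read(user, path, groups, rules):
            out.append((parent, path))
    return out
```

For the constructed file, `mixed_dirs("ebosco", *load(SAMPLE_AUTHZ))` returns `[("/project", "/project/salaries.txt")]`; those are the directories worth testing with `svn ls` after a rule change.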

This is an archived mail posted to the Subversion Users mailing list.