[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authenticate both LDAP and from an AuthUserFile

From: Sean Kelley <sean.sweng_at_gmail.com>
Date: 2006-08-23 06:36:50 CEST

On 8/22/06, Ryan Schmidt <subversion-2006c@ryandesign.com> wrote:
>
> On Aug 22, 2006, at 16:09, Sean Kelley wrote:
>
> > Is it possible to authenticate from both LDAP and from an
> > AuthUserFile?
>
> When I looked into this years ago, my reading of the Apache
> documentation was that it should be possible, but I could never get
> it to work, and I gave up on trying.

I think I have gotten it to work using AuthAuthoritative Off prior to
defining the AuthUserFile.

It seems to handle LDAP or the file fine now.

<Location /svn>

  # Uncomment this to enable the repository,
  DAV svn

  # Set this to the path to your repository
  SVNPath /var/lib/svn

  # Authentication
   AuthType Basic
   AuthName "Subversion Repository"
   AuthLDAPUrl ldap://ldap.example.com:389/t=example?cn
   #<LimitExcept GET PROPFIND OPTIONS REPORT>
   #require group cn=ENG_SVN_Devs,ou=Groups,ou=OFFICE,o=EXMPL
   AuthLDAPBindDN "cn=ENG_SVN_PND_Devs,ou=Groups,ou=OFFICE,o=EXMPL"
   #</LimitExcept>
   #SSLCACertificateFile /etc/apache2/ssl/cert.pem
   #SSLVerifyClient require
   #SSLVerifyDepth 1

  # The following allows for basic http authentication. Basic authentication
  # should not be considered secure for any particularly rigorous definition of
  # secure.

  # to create a passwd file
  # # rm -f /etc/apache2/dav_svn.passwd
  # # htpasswd2 -c /etc/apache2/dav_svn.passwd dwhedon
  # New password:
  # Re-type new password:
  # Adding password for user dwhedon
  # #

  # Uncomment the following 3 lines to enable Basic Authentication
  # AuthType Basic
  # AuthName "Subversion Repository"
  AuthAuthoritative Off
  AuthUserFile /etc/apache2/dav_svn.passwd

  # Uncomment the following line to enable Authz Authentication
  AuthzSVNAccessFile /etc/apache2/dav_svn.authz

  # The following three lines allow anonymous read, but make
  # committers authenticate themselves.

  #<LimitExcept GET PROPFIND OPTIONS REPORT>
  Require valid-user
  #</LimitExcept>

</Location>

Sean

>
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Aug 23 06:38:00 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.