[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: subversion-authorization (other than authz)

From: Mark <mark_at_mitsein.net>
Date: 2006-09-19 21:05:11 CEST

I'm using ldap auth at my site. We do svn+ssh and http[s] access to
svn. To cover svn+ssh, we use pam_ldap and mod_ldap/mod_auth_ldap
with apache. Works fine. For authz, I have a script that runs hourly
to catch updates in groups (we base the authz on groups from our
internal sourceforge site) and puts them into the project config/authz
files as well as the apache (mod_authz_svn) authz file.

Getting svn to work fine with svn+ssh and http(dav) access is not too
difficult. Plus, if you are using ldap auth for your server anyway,
there's nothing more to do really.

Now, putting svn authz into ldap would be cool....

On 9/19/06, Lieven Govaerts <svnlgo@mobsol.be> wrote:
> michel.brabants@euphonynet.be wrote:
> > Hello,
> >
> > I checked on roadmap-site of subversiona nd can't seem to find any plans
> > to provide a kind of plugin-system to provide additional methods of
> > authorization . This is a point in which subversion is lacking to my
> > opinion. I could use apache to direct this, but I don't find this a good
> > solution. If I would use apache to limit access, those permissions
> > wouldn't be applied when ssh+svn would be used (which isn't the case).
> > However, we use trac, which also only shows the content that a user may
> > view, based on the authz-file. So, using apache for authorization would
> > allow users to view the content through the trac-browse-feature.
> > I could synchronize the files manually or using hooks to update the
> > authz-file, but I'm not sure if that covers everything (have to check) and
> > a plugin-system of a direct ldap-implentation would be better.
> >
> > So, are there any plans to implement ldap-authorization and is there a
> > planning?
> >
> This has been discussed before, but there's no real set of requirements
> let alone a design of how that will look like. Feel free to step in :)
>
> Some time ago there was a patch on the dev list which might or might not
> do what you want:
> http://svn.haxx.se/dev/archive-2006-07/0107.shtml
>
> Lieven.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

-- 
Mark
"Blessed is he who finds happiness in his own foolishness, for he will
always be happy."
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Sep 19 21:05:55 2006

This is an archived mail posted to the Subversion Users mailing list.