[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: subversion-authorization (other than authz)

From: Michel Brabants <michel.brabants_at_euphonynet.be>
Date: 2006-09-19 23:33:07 CEST

Hello,

it seems to be a solution for the moment, although I'm not sure what to exactly think of it. Although it may be good (for the short run), I'm not so keen of it at the moment.

Thank you and greetings,

Michel

Op dinsdag 19 september 2006 21:05, schreef Mark:
> I'm using ldap auth at my site. We do svn+ssh and http[s] access to
> svn. To cover svn+ssh, we use pam_ldap and mod_ldap/mod_auth_ldap
> with apache. Works fine. For authz, I have a script that runs hourly
> to catch updates in groups (we base the authz on groups from our
> internal sourceforge site) and puts them into the project config/authz
> files as well as the apache (mod_authz_svn) authz file.
>
> Getting svn to work fine with svn+ssh and http(dav) access is not too
> difficult. Plus, if you are using ldap auth for your server anyway,
> there's nothing more to do really.
>
> Now, putting svn authz into ldap would be cool....
>
> On 9/19/06, Lieven Govaerts <svnlgo@mobsol.be> wrote:
> > michel.brabants@euphonynet.be wrote:
> > > Hello,
> > >
> > > I checked on roadmap-site of subversiona nd can't seem to find any plans
> > > to provide a kind of plugin-system to provide additional methods of
> > > authorization . This is a point in which subversion is lacking to my
> > > opinion. I could use apache to direct this, but I don't find this a good
> > > solution. If I would use apache to limit access, those permissions
> > > wouldn't be applied when ssh+svn would be used (which isn't the case).
> > > However, we use trac, which also only shows the content that a user may
> > > view, based on the authz-file. So, using apache for authorization would
> > > allow users to view the content through the trac-browse-feature.
> > > I could synchronize the files manually or using hooks to update the
> > > authz-file, but I'm not sure if that covers everything (have to check) and
> > > a plugin-system of a direct ldap-implentation would be better.
> > >
> > > So, are there any plans to implement ldap-authorization and is there a
> > > planning?
> > >
> > This has been discussed before, but there's no real set of requirements
> > let alone a design of how that will look like. Feel free to step in :)
> >
> > Some time ago there was a patch on the dev list which might or might not
> > do what you want:
> > http://svn.haxx.se/dev/archive-2006-07/0107.shtml
> >
> > Lieven.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
> >
> >
>
>

  • application/pgp-signature attachment: stored
Received on Tue Sep 19 23:33:42 2006

This is an archived mail posted to the Subversion Users mailing list.