[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

AuthzSVNAccessFile and trailing slashes don't mix

From: Beyer,Nathan <NBEYER_at_CERNER.COM>
Date: 2006-11-02 21:47:57 CET

I have SVN 1.4.0 running on Apache httpd on Windows 2003 using LDAP authentication against ActiveDirectory. I have multiple repos and I've been able to individually configure each of the repos to restrict read-write access to specific users, but I can't get more granular access within a repo. I setup my SVN authz file like the book says, but that didn't work very well. After hours of fiddling, I removed the trailing slash from the path in the SVN authz file and everything started working. Is the SVN book wrong??? -Nathan Here's my setup. This is the SVN authz file that doesn't work. User "dddd" can't get access to "prod:/com.xyz/trunk/com.xyz.app/" ------------ [groups] architects = xxxx, yyyy, zzzz devs = aaaaa, bbbb, cccc [test:/] * = rw [prod:/] * = r @architects = rw @devs = rw [prod:/com.xyz/trunk/com.xyz.app/] * = r @architects = rw @devs = rw dddd = rw --------------- This is the SVN authz file that does work. I just remove the trailing slash and "ddd" now has access. --------------- [groups] architects = xxxx, yyyy, zzzz devs = aaaaa, bbbb, cccc [test:/] * = rw [prod:/] * = r @architects = rw @devs = rw [prod:/com.xyz/trunk/com.xyz.app] * = r @architects = rw @devs = rw dddd = rw -------------- For additional reference, here some more setup. Here's my httpd.conf snippet: --------------- <VirtualHost *> <Directory "C:/webserver/scm"> Options Indexes FollowSymLinks AllowOverride None </Directory> <Location /svn> DAV svn SVNParentPath "c:/svn/repos" #Setup Output compression SetOutputFilter DEFLATE #Setup input decompression SetInputFilter DEFLATE <LimitExcept GET PROPFIND OPTIONS REPORT> #LDAP authentication via Basic Auth AuthName "WHQ_NT_DOMAIN" AuthType Basic AuthLDAPURL "ldap://xxxx.xxxxxx.xxx:3268/?samAccountName??(& (objectClass=person) (objectClass=user))" AuthLDAPBindDN "CN=XXXXXXX" AuthLDAPBindPassword XXXXXXX Require valid-user </LimitExcept> AuthzSVNAccessFile "c:/svn/svn-access.conf" </Location> </VirtualHost> ------------------ Here's the SVN repo folders: C:/svn/ repos/ svn-access.conf test/ prod/ ----------------------------------------- CONFIDENTIALITY NOTICE This message and any included attachments are from Cerner Corporation and are intended only for the addressee. The information contained in this message is confidential and may constitute inside or non-public information under international, federal, or state securities laws. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or you may call Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024. -------------------------------------------
Received on Thu Nov 2 21:48:49 2006

This is an archived mail posted to the Subversion Users mailing list.