Hello,
Thanks for the reply, this exactly the info I was looking for (even if
it doesn't solve my problem but it's another story ;).
I didn't figure how AuthSvnAccessFile works and the interaction with
"require" that fails and let the user "anonymous" and "* = r" that
gives read access even to anonymous users.
Cheers,
Manuel
On 7/20/07, ossi petz <ossipetz@hallo.ms> wrote:
> hallo
>
> well it looks like some 'weird' plan
>
> the require user statement belongs to apache auth. not subversion. once
> ldap auth is done the user is passed to subversion and from here you
> will need to restrict repository access with your .SVNAccessFile file.
>
> users that may fail apache auth still have anonymous access. this is
> configured with the "* = r" line. telling subversion: anyone has read
> access.
>
> if you dont want anyone to be able to read you repos try it like this:
>
> # read access for the repository root (good if mutliple repos exist)?
> # if not use: * =
> [/]
> * = r
>
> [repository1:/]
> @members=rw
> manuel = r
> * =
>
>
> hope this is of any help
> regards
>
> op
>
>
>
>
> Manuel Vacelet schrieb:
> > Hello,
> >
> > I'm trying to set up LDAP authentication of users on my server with
> > AuthLDAP (auth_ldap_module). It works great but it seems
> > AuthzSVNAccessFile by pass the restrictions set with "Require user"
> > directive.
> >
> > Actually I want to restrict the read possibility of the subversion
> > repositories to a list of people (thanks to "Require user") and let
> > the possibility to each repository to define its own rules (thanks to
> > "AuthzSVNAccessFile"). But as soon as there is a '* = r' in the
> > AuthzSVNAccessFile, the "Require user" is no longer taken in account
> > (each repository can restrict access to its data but cannot "expose"
> > it more). Note: it doesn't work even if I force "statisfy all".
> >
> > Here is my <Location> for one repository:
> >
> > <Location /svnroot/code>
> > DAV svn
> > SVNPath /var/lib/svnroot/code
> > AuthType Basic
> > AuthName "Subversion Authorization"
> >
> > AuthLDAPUrl ldap://localhost:389/ou=people,dc=example,dc=com
> > AuthLDAPBindDN "ou=people,dc=example,dc=com"
> > require user "manuel"
> > AuthzSVNAccessFile /var/lib/svnroot/code/.SVNAccessFile
> > </Location>
> >
> > I there a way to force "Require" to apply ?
> >
> > -- Manuel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jul 20 09:48:44 2007