Re: Dual Authentication (LDAP/file authentication)

From: David Ferguson <ferguson.david_at_gmail.com>
Date: 2007-08-29 19:13:01 CEST

Richard,

We have this exact problem at my company. We ended up adding a second
<Location> section that points to the same repository but uses a password
file instead of LDAP. The location is slightly different (in your case it
would be "project1_rel"). With this method, normal users use the standard
URL: http://svn.mycompany.com/project1. The special, password file users
use the other URL: http://svn.mycompany.com/project1_rel. This works for us
because the special users are only accessing the repository via scripted
cron jobs--the URL can be easily changed on the fly.

However, I would love to see a better solution that doesn't require a second
<Location> directive. Anyone?

thanks,
David

On 8/28/07, Richard Orta <rorta@handango.com> wrote:
>
> Hello!
>
> We are using Subversion and Apache with LDAP for authentication. We have a
> good configuration for accessing the LDAP service. For example, one of our
> project repositories would use a configuration similar to the following:
>
> LoadModule dav_svn_module modules/mod_dav_svn.so
> LoadModule authz_svn_module modules/mod_authz_svn.so
>
> <Location /project1>
>   DAV svn
>   SVNPath /home/svn/repositories/project1
>   AuthType Basic
>   Options Indexes FollowSymLinks
>   AllowOverride None
>   Order Deny,Allow
>   Deny from all
>   Allow from mycompany.com
>   AuthName "svnauthority"
>   SVNAutoversioning on
>   AuthLDAPURL ldap://ldap-server.mycompany.com:389/OU=Departments,OU=ManagedUsers,DC=mycompany,DC=com?sAMAccountName
>   AuthLDAPBindDN "CN=svnauthority,CN=Users,DC=mycompany,DC=com"
>   AuthLDAPBindPassword "********"
>   Require valid-user
> </Location>
>
> But, now we have a need for an account that is not tied to LDAP. This
> pseudo-account will be created locally on the Unix server running
> Apache/Subversion by using htpasswd. In other words, it will not have an
> LDAP or /etc/passwd entry. It will only exist in the password file (created
> by htpasswd). So, we want the server to check LDAP first, then if the
> account is not found, check the local file for the password.
>
> Does anyone know how to configure Subversion/Apache to allow for
> authentication using both LDAP and the local password file?
>
> If this is already in the mail list, my apologies. I've been looking all
> day and have not found it, yet.
>
> Thanks!
>
> --Richard
>
Received on Wed Aug 29 19:10:34 2007

This is an archived mail posted to the Subversion Users mailing list.
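
The two approaches discussed in this thread, written out as configuration. This is an added example, not taken from either poster's server: the password file path and the account name "relbot" are assumptions, block (2) assumes Apache 2.2 with mod_authnz_ldap, mod_authn_file and mod_authz_user loaded, and the host restrictions from the quoted configuration are omitted for brevity.

```apache
# Added example. The path /etc/apache2/svn-local.passwd and the account
# name "relbot" are assumptions made for illustration.

# (1) The workaround from the reply: a second URL for the same repository,
#     authenticated against an htpasswd file instead of LDAP.
<Location /project1_rel>
    DAV svn
    SVNPath /home/svn/repositories/project1
    AuthType Basic
    AuthName "svnauthority"
    # Keep the file outside any served directory, readable only by the
    # Apache user. Created with:
    #   htpasswd -c /etc/apache2/svn-local.passwd relbot
    AuthUserFile /etc/apache2/svn-local.passwd
    # Name the account explicitly, so that an entry added to the file
    # later does not silently gain repository access.
    Require user relbot
</Location>

# (2) Alternative to (1) on Apache 2.2: a single <Location> replacing the
#     LDAP-only block, with providers consulted in the order listed
#     (LDAP first, then the local file).
<Location /project1>
    DAV svn
    SVNPath /home/svn/repositories/project1
    AuthType Basic
    AuthName "svnauthority"
    AuthBasicProvider ldap file
    AuthLDAPURL ldap://ldap-server.mycompany.com:389/OU=Departments,OU=ManagedUsers,DC=mycompany,DC=com?sAMAccountName
    AuthLDAPBindDN "CN=svnauthority,CN=Users,DC=mycompany,DC=com"
    AuthLDAPBindPassword "********"
    AuthUserFile /etc/apache2/svn-local.passwd
    # Apache 2.2 only (removed in 2.4): lets mod_authz_user evaluate
    # "Require valid-user" for accounts that exist only in the file.
    AuthzLDAPAuthoritative off
    Require valid-user
</Location>
```

With (2), every entry in the password file is accepted wherever an LDAP user would be, so keep the file limited to the service accounts that need it and constrain what they can reach with mod_authz_svn path rules.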