[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN LADP Group Authentication

From: Ashwin Basagouda Patil <ashwin.patil_at_robosoftin.com>
Date: Sat, 02 Feb 2008 12:00:11 +0530

Thanks, for the information.

But,

Please note that I am aware of group authentication by SVNAuthoriozation
file, but my concern is authentication through the LDAP server. I dont want
to add "@group" in the SVN authorization file aNY WAY.

The users present in the group of the LDAP server should get the access if
just mentioned the group name in the SVNAuthorization file.

Thanks,
Ashwin Patil

-----Original Message-----
From: Frank Gruman <fgatwork_at_verizon.net>
To: Ashwin Basagouda Patil <ashwin.patil_at_robosoftin.com>
Date: Fri, 01 Feb 2008 22:17:03 -0500
Subject: Re: SVN LADP Group Authentication

> Ashwin,
>
> Did you read the book on path-based authorization? Particularly,
> groups. Perhaps this will help you?
> http://svnbook.red-bean.com/en/1.4/svn.serverconfig.pathbasedauthz.html
>
> Regards,
> Frank
>
> On Wed, 2008-01-30 at 20:38 +0530, Ashwin Basagouda Patil wrote:
> > Dear All,
> >
> >
> > Sorry for asking again with new subject line, but please note that I
> never
> > received any response from any one for this my request. Please help me
> in
> > this regards.
> >
> > Please read full mail. Please excuse me if it so long. I tried to
> explain
> > my configuration.
> >
> > We recently upgraded our SVN server to 1.4.5 and apache 2.054 also it
> is
> > configured for authentication to SVN by user in LDAP. It is working
> fine
> > for all the users.
> >
> > Now we are need of group authentication, I mean the users present in a
> > group of LDAP should grant the access to SVN, if group name is
> mentioned in
> > the SVN_Authorization file.
> >
> >
> > I have virtual hosting for the apache configuration:
> >
> > Apache configuration: ssl.conf file
> >
> >
> >
> >
> >
> > ##################### start of file
> #######################################
> > NameVirtualHost *:443
> > LDAPTrustedCA /usr/local/apache2/conf/ssl/cacert.pem
> > LDAPTrustedCAType BASE64_FILE
> > SSLRandomSeed startup builtin
> > SSLRandomSeed connect builtin
> > <IfDefine SSL>
> > Listen 443
> > AddType application/x-x509-ca-cert .crt
> > AddType application/x-pkcs7-crl .crl
> > SSLPassPhraseDialog builtin
> > SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
> > SSLSessionCacheTimeout 300
> > SSLMutex file:/usr/local/apache2/logs/ssl_mutex
> > AcceptMutex flock
> > SSLEngine on
> > SSLCipherSuite ALL:!ADH:!
> > EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
> > SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key
> > SSLCACertificateFile /usr/local/apache2/conf/ssl/cacert.pem
> >
> > ####################### test_at_robosoft.co.in
> ###############################
> >
> > <VirtualHost *:443>
> > ServerName test.robosoft.co.in
> > ServerAdmin root_at_robosoftin.com
> > DocumentRoot /Volumes/Projects/test/
> > <Location />
> > DAV svn
> > SVNPath /Volumes/Projects/Subversion/Projects/test/
> >
> > AuthName "Robosoft Technologies Pvt Ltd"
> > AuthType Basic
> >
> > AuthLDAPUrl
> "ldaps://roboserver.robosoft.co.in/cn=users,dc=RoboServer?cn"
> > # Auth on
> > Require ldap-group cn=groups,dc=RoboServer?cn
> >
> > # Our access control policy
> >
> > AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/test.txt
> > </Location>
> > ErrorLog /Volumes/Projects/Subversion/Projects/test/error.log
> > CustomLog /Volumes/Projects/Subversion/Projects/test/access.log
> > common
> > <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
> > SSLOptions +StdEnvVars
> > </FilesMatch>
> > <Directory "/usr/local/apache2/cgi-bin">
> > SSLOptions +StdEnvVars
> > </Directory>
> > SetEnvIf User-Agent ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> >
> > </VirtualHost>
> >
> > </IfDefine>
> >
> >
> >
> #########################################################################
> #
> >
> >
> > Also IO have the bello configuration in my SVN_Authorization file as
> listed
> > bellow.
> >
> > Path : as mentioned in ssl.conf file
> >
> > AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/test.txt
> >
> > [/]
> > ashwin = r
> > name2 = r
> > name3 = r
> > name4 = r
> > * =
> >
> > [/dir1]
> > ashwin = rw
> > name2 = r
> > name3 = rw
> > name4 = rw
> > * =
> >
> > [/dir1/dir2]
> > ashwin = rw
> > name2 = r
> > name3 =
> > name4 = r
> > * =
> >
> >
> > [/dirA]
> > ashwin = rw
> > name2 = r
> > name3 =
> > name4 = r
> >
> > [/dirA/dirB]
> > ashwin = rw
> > name2 = r
> > name3 =
> > name4 = r
> > * =
> >
> > #################END OF FILE AuthzSVNAccessFile
> ########################
> >
> > Please help me how I can success to authenticate a user present in the
> LDAP
> > dir group and group name is mentioned in "AuthzSVNAccessFile".
> >
> >
> > Thanks in Advence.
> > Ashwin Patil
> >
> >
> >
> >
> >
> >
> > -----------------------------------------------
> > Robosoft Technologies - Come home to Technology
> >
> > Disclaimer: This email may contain confidential material. If you were
> not an intended recipient, please notify the sender and delete all
> copies. Emails to and from our network may be logged and monitored. This
> email and its attachments are scanned for virus by our scanners and are
> believed to be safe. However, no warranty is given that this email is
> free of malicious content or virus.
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> > For additional commands, e-mail: users-help_at_subversion.tigris.org
> >
>

-----------------------------------------------
Robosoft Technologies - Come home to Technology

Disclaimer: This email may contain confidential material. If you were not an intended recipient, please notify the sender and delete all copies. Emails to and from our network may be logged and monitored. This email and its attachments are scanned for virus by our scanners and are believed to be safe. However, no warranty is given that this email is free of malicious content or virus.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-02-02 07:30:46 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.