Perhaps the suggestion in this link
(http://blogs.open.collab.net/svn/2007/03/subversion_ldap.html) will
help. The suggestion I am referring to is not the initial post, but the
third or fourth comment down. Beyond this, I don't believe there is a
way to get finer grained controls without using the auth file.
Rereading you post, I wonder if you do really need the access file. Are
all of your repositories separate? Would you be against multiple
<Location> directives? My own personal use has been using LDAP and
LIMIT / LIMIT EXCEPT configuration to set groups to specific
repositories. Each repository belongs to a product team. For the most
part, our development teams have full write access to their project, so
perhaps I don't need as much fine-grained control.
Sorry I couldn't be more help.
Regards,
Frank
On Sat, 2008-02-02 at 12:00 +0530, Ashwin Basagouda Patil wrote:
> Thanks, for the information.
>
> But,
>
> Please note that I am aware of group authentication by SVNAuthoriozation
> file, but my concern is authentication through the LDAP server. I dont want
> to add "@group" in the SVN authorization file aNY WAY.
>
> The users present in the group of the LDAP server should get the access if
> just mentioned the group name in the SVNAuthorization file.
>
> Thanks,
> Ashwin Patil
>
> -----Original Message-----
> From: Frank Gruman <fgatwork_at_verizon.net>
> To: Ashwin Basagouda Patil <ashwin.patil_at_robosoftin.com>
> Date: Fri, 01 Feb 2008 22:17:03 -0500
> Subject: Re: SVN LADP Group Authentication
>
> > Ashwin,
> >
> > Did you read the book on path-based authorization? Particularly,
> > groups. Perhaps this will help you?
> > http://svnbook.red-bean.com/en/1.4/svn.serverconfig.pathbasedauthz.html
> >
> > Regards,
> > Frank
> >
> > On Wed, 2008-01-30 at 20:38 +0530, Ashwin Basagouda Patil wrote:
> > > Dear All,
> > >
> > >
> > > Sorry for asking again with new subject line, but please note that I
> > never
> > > received any response from any one for this my request. Please help me
> > in
> > > this regards.
> > >
> > > Please read full mail. Please excuse me if it so long. I tried to
> > explain
> > > my configuration.
> > >
> > > We recently upgraded our SVN server to 1.4.5 and apache 2.054 also it
> > is
> > > configured for authentication to SVN by user in LDAP. It is working
> > fine
> > > for all the users.
> > >
> > > Now we are need of group authentication, I mean the users present in a
> > > group of LDAP should grant the access to SVN, if group name is
> > mentioned in
> > > the SVN_Authorization file.
> > >
> > >
> > > I have virtual hosting for the apache configuration:
> > >
> > > Apache configuration: ssl.conf file
> > >
> > >
> > >
> > >
> > >
> > > ##################### start of file
> > #######################################
> > > NameVirtualHost *:443
> > > LDAPTrustedCA /usr/local/apache2/conf/ssl/cacert.pem
> > > LDAPTrustedCAType BASE64_FILE
> > > SSLRandomSeed startup builtin
> > > SSLRandomSeed connect builtin
> > > <IfDefine SSL>
> > > Listen 443
> > > AddType application/x-x509-ca-cert .crt
> > > AddType application/x-pkcs7-crl .crl
> > > SSLPassPhraseDialog builtin
> > > SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
> > > SSLSessionCacheTimeout 300
> > > SSLMutex file:/usr/local/apache2/logs/ssl_mutex
> > > AcceptMutex flock
> > > SSLEngine on
> > > SSLCipherSuite ALL:!ADH:!
> > > EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > > SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
> > > SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key
> > > SSLCACertificateFile /usr/local/apache2/conf/ssl/cacert.pem
> > >
> > > ####################### test_at_robosoft.co.in
> > ###############################
> > >
> > > <VirtualHost *:443>
> > > ServerName test.robosoft.co.in
> > > ServerAdmin root_at_robosoftin.com
> > > DocumentRoot /Volumes/Projects/test/
> > > <Location />
> > > DAV svn
> > > SVNPath /Volumes/Projects/Subversion/Projects/test/
> > >
> > > AuthName "Robosoft Technologies Pvt Ltd"
> > > AuthType Basic
> > >
> > > AuthLDAPUrl
> > "ldaps://roboserver.robosoft.co.in/cn=users,dc=RoboServer?cn"
> > > # Auth on
> > > Require ldap-group cn=groups,dc=RoboServer?cn
> > >
> > > # Our access control policy
> > >
> > > AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/test.txt
> > > </Location>
> > > ErrorLog /Volumes/Projects/Subversion/Projects/test/error.log
> > > CustomLog /Volumes/Projects/Subversion/Projects/test/access.log
> > > common
> > > <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
> > > SSLOptions +StdEnvVars
> > > </FilesMatch>
> > > <Directory "/usr/local/apache2/cgi-bin">
> > > SSLOptions +StdEnvVars
> > > </Directory>
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > > nokeepalive ssl-unclean-shutdown \
> > > downgrade-1.0 force-response-1.0
> > >
> > > </VirtualHost>
> > >
> > > </IfDefine>
> > >
> > >
> > >
> > #########################################################################
> > #
> > >
> > >
> > > Also IO have the bello configuration in my SVN_Authorization file as
> > listed
> > > bellow.
> > >
> > > Path : as mentioned in ssl.conf file
> > >
> > > AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/test.txt
> > >
> > > [/]
> > > ashwin = r
> > > name2 = r
> > > name3 = r
> > > name4 = r
> > > * =
> > >
> > > [/dir1]
> > > ashwin = rw
> > > name2 = r
> > > name3 = rw
> > > name4 = rw
> > > * =
> > >
> > > [/dir1/dir2]
> > > ashwin = rw
> > > name2 = r
> > > name3 =
> > > name4 = r
> > > * =
> > >
> > >
> > > [/dirA]
> > > ashwin = rw
> > > name2 = r
> > > name3 =
> > > name4 = r
> > >
> > > [/dirA/dirB]
> > > ashwin = rw
> > > name2 = r
> > > name3 =
> > > name4 = r
> > > * =
> > >
> > > #################END OF FILE AuthzSVNAccessFile
> > ########################
> > >
> > > Please help me how I can success to authenticate a user present in the
> > LDAP
> > > dir group and group name is mentioned in "AuthzSVNAccessFile".
> > >
> > >
> > > Thanks in Advence.
> > > Ashwin Patil
> > >
> > >
> > >
> > >
> > >
> > >
> > > -----------------------------------------------
> > > Robosoft Technologies - Come home to Technology
> > >
> > > Disclaimer: This email may contain confidential material. If you were
> > not an intended recipient, please notify the sender and delete all
> > copies. Emails to and from our network may be logged and monitored. This
> > email and its attachments are scanned for virus by our scanners and are
> > believed to be safe. However, no warranty is given that this email is
> > free of malicious content or virus.
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> > > For additional commands, e-mail: users-help_at_subversion.tigris.org
> > >
> >
>
>
> -----------------------------------------------
> Robosoft Technologies - Come home to Technology
>
> Disclaimer: This email may contain confidential material. If you were not an intended recipient, please notify the sender and delete all copies. Emails to and from our network may be logged and monitored. This email and its attachments are scanned for virus by our scanners and are believed to be safe. However, no warranty is given that this email is free of malicious content or virus.
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-02-03 09:18:19 CET