[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AuthzSVNAccessFile

From: Johan Bogema <johan_at_bogema.nl>
Date: Fri, 11 Apr 2008 08:31:27 +0200

On 10 apr 2008, at 16:29, Phil Pinkerton wrote:

>
> On Thu, Apr 10, 2008 at 10:12 AM, Johan Bogema <johan_at_bogema.nl>
> wrote:
> Hi all,
>
> I have a problem that I can't get rid of and that is quite a big
> problem. I am setting up a new server infrastructure for the company
> where I work, and have some trouble with the rights assignment for
> Subversion in regard to the Tortoise client. Let me first lay out my
> configuration:
>
> OS: MS Server 2003 DataCenter
> Apache: 2.2.6
> SVN: 1.4.6
>
> Configuration part of Apache with regard to SVN:
>
> DAV svn
> SVNParentPath D:\SVN
> SVNListParentPath On
> AuthType SSPI
> SSPIAuth On
> SSPIAuthoritative On
> SSPIDomain DOMAIN
> SSPIOfferBasic On
> AuthName "Subversion repositories"
> AuthzSVNAccessFile D:\authzaccess
> Require valid-user
> SSLRequireSSL
>
> layout of D:\authzaccess:
>
> [groups]
> admin = firstname.lastname,DOMAIN\\Firstname.Lastname,
>
> [/]
> * = r
>
> [adminrepo:/]
> @admin = rw
>
> Now my problem is that I can only change things in my repositories
> (as user from the admin group) when I have the following entry in d:
> \authzaccess:
>
> [/]
> * = rw
>
> As you might understand, this is not what I want but I can't seem to
> find the solution anywhere on the internet. Have been searching now
> for several days but my Tortoise client keeps on whining about
> authentication errors. If I enable that entry, it's no problem to do
> whatever in my repositories, but then it's possible for all
> authenticated users from our domain DOMAIN.
>
> I hope anyone of you knows where the problem lies.
>
> Regards,
>
> JB
>
> try in this order:
> [/]
> @svnAdmins = rw
> * = r

Hi Phil,

Thanks for the reply, but this unfortunately does not solve the
problem. If I add @admin = rw to the [/] part, it does not change a
thing, neither when it is above or below the * = r.
The error log from apache gives the following information:

[Fri Apr 11 08:23:17 2008] [error] [client <ipaddress>] Access denied:
'DOMAIN\\Firstname.Lastname' MKACTIVITY adminrepo:

Regards,

JB
Received on 2008-04-11 08:31:52 CEST

This is an archived mail posted to the Subversion Users mailing list.