[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authentication issue

From: Quinn Taylor <quinntaylor_at_mac.com>
Date: Wed, 13 Aug 2008 15:27:45 -0600

I'm not sure of the specifics of applying it with MS AD or your setup
specifics, but you can use the Apache <Limit> and <LimitExcept>
directives to restrict groups that can access certain things.

   # restrict write access
   <LimitExcept GET PROPFIND OPTIONS REPORT>
     ...
   </LimitExcept>

   # restrict read access
   <Limit GET PROPFIND OPTIONS REPORT>
     ...
   </Limit>

For examples, see:
        http://svnbook.red-bean.com/en/1.4/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz
        http://drupal.org/node/222201

  - Quinn

On Aug 13, 2008, at 12:18 PM, Mark Braemer wrote:

> Due to SOX requirements, we have one group of people who write and
> commit the code in our development environment and another group who
> update our production environment.
> I have Microsoft AD working fine to allow a group access as so:
>
> <Location /myrepo>
> DAV svn
> SVNParentPath C:/repositories/myrepo
> SVNListParentPath on
> AuthLDAPAuthoritative on
> AuthType Basic
> AuthName "myrepo"
> AuthLDAPURL "ldap://domain_name.msft:389/dc=domain_name,dc=msft?
> sAMAccountName?sub?(objectClass=*)"
> AuthLDAPBindDN "LDAPAgent_at_domain_name.msft"
> AuthLDAPBindPassword "password_value"
> #require valid-user
> require group CN=Web
> Team
> ,OU=Users,OU=Applications,OU=IT,OU=Headquarters,DC=domain_name,DC=msft
> </Location>
>
> What I want to do is add a second group that can update from svn but
> cannot commit changes to svn. Has anyone done anything like this?
>
> Mark A. Braemer
> 1-800-846-8727 ext 4288
> Application Developer
> Pomeroy IT Solutions
> MCP, V3 ITIL Foundation, CompTIA A+,CompTIA Network+
>

  • application/pkcs7-signature attachment: smime.p7s
Received on 2008-08-13 23:28:16 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.