I'm not sure of the specifics of applying it with MS AD or your setup
specifics, but you can use the Apache <Limit> and <LimitExcept>
directives to restrict groups that can access certain things.
# restrict write access
<LimitExcept GET PROPFIND OPTIONS REPORT>
...
</LimitExcept>
# restrict read access
<Limit GET PROPFIND OPTIONS REPORT>
...
</Limit>
For examples, see:
http://svnbook.red-bean.com/en/1.4/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz
http://drupal.org/node/222201
- Quinn
On Aug 13, 2008, at 12:18 PM, Mark Braemer wrote:
> Due to SOX requirements, we have one group of people who write and
> commit the code in our development environment and another group who
> update our production environment.
> I have Microsoft AD working fine to allow a group access as so:
>
> <Location /myrepo>
> DAV svn
> SVNParentPath C:/repositories/myrepo
> SVNListParentPath on
> AuthLDAPAuthoritative on
> AuthType Basic
> AuthName "myrepo"
> AuthLDAPURL "ldap://domain_name.msft:389/dc=domain_name,dc=msft?
> sAMAccountName?sub?(objectClass=*)"
> AuthLDAPBindDN "LDAPAgent_at_domain_name.msft"
> AuthLDAPBindPassword "password_value"
> #require valid-user
> require group CN=Web
> Team
> ,OU=Users,OU=Applications,OU=IT,OU=Headquarters,DC=domain_name,DC=msft
> </Location>
>
> What I want to do is add a second group that can update from svn but
> cannot commit changes to svn. Has anyone done anything like this?
>
> Mark A. Braemer
> 1-800-846-8727 ext 4288
> Application Developer
> Pomeroy IT Solutions
> MCP, V3 ITIL Foundation, CompTIA A+,CompTIA Network+
>
- application/pkcs7-signature attachment: smime.p7s
Received on 2008-08-13 23:28:16 CEST