Hi, Subversion developers
I am now using subversion 1.5 + Http 2.2.9 with LDAP authentication, it works fine.
But now, I want to do per-directory access control with LDAP authentication which someone can read and write in the special directories, others can only read them. and it cannot work with my setting: http.conf + authz.
I notice there is a file syntax: aliases in authz file, but I wandered whether my setting is correct.
Could you give me some help?
Http.conf:
<Location /H>
DAV svn
SVNParentPath /svn
SVNListParentPath on
# LDAP Authentication & Authorization is final; do not check other databases
# AuthLDAPAuthoritative on
# Do basic password authentication in the clear
AuthType Basic
AuthBasicProvider ldap
# The name of the protected area or "realm"
AuthName "UEFI Subversion Repository"
# Active Directory requires an authenticating DN to access records
# This is the DN used to bind to the directory service
# This is an Active Directory user account
AuthLDAPBindDN "CN=LDAP_RO,CN=USERS,DC=PHOENIX,DC=COM"
# This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword H3r3Buggy
# The LDAP query URL
# Format: scheme://host:port/basedn?attribute?scope?filter
# The URL below will search for all objects recursively below the basedn
# and validate against the sAMAccountName attribute
AuthLDAPURL "ldap://134.122.1.67:389/ou=phoenix,dc=phoenix,dc=com?sAMAccountName?sub?(objectClass=*)"
# Require authentication for this Location
Require valid-user
AuthzSVNAccessFile /usr/local/apache2/conf/authz
</Location>
authz:
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
Victor_Gong = CN=Victor Gong,OU=Nanjing,OU=China,OU=Personnel,OU=People,OU=Phoenix,DC=phoenix,DC=com
Received on 2008-09-17 20:30:02 CEST