
RE: a question about the access file syntax: username aliases

From: Engebakken Geir <geir.engebakken_at_edb.com>
Date: Fri, 19 Sep 2008 10:49:27 +0200

Seems you are using the wrong syntax for the authz file. You log on with the sAMAccountName, so these would be the users to authorize:

Here is an example of how I did it. Note that I have found it necessary to explicitly deny access to all users not in the group (the ~ construct), as we will not even allow read access for users not in the group:

[/]
csvn = rw
@admin = rw

[groups]
admin = z1208fc,z5131ph,et4818,et2889,z1920oj,et4262
mfe = et1038
pmd=jn00011,z1416ge

[test:/]
* = r

[test:/pmd]
@pmd = rw
~pmd =

[test:/mfe]
@mfe = rw
~mfe =

Geir

________________________________
From: Victor Gong [mailto:Victor_Gong_at_phoenix.com]
Sent: 17. september 2008 09:29
To: users_at_subversion.tigris.org
Subject: a question about the access file syntax: username aliases

Hi, Subversion developers,
I am now using Subversion 1.5 + Http 2.2.9 with LDAP authentication, and it works fine.
But now I want to do per-directory access control with LDAP authentication, in which someone can read and write in the special directories and others can only read them, and it cannot work with my setting: http.conf + authz.
I notice there is a file syntax, aliases, in the authz file, but I wondered whether my setting is correct.
Could you give me some help?

Http.conf:
<Location /H>
    DAV svn
    SVNParentPath /svn
    SVNListParentPath on

  # LDAP Authentication & Authorization is final; do not check other databases
  # AuthLDAPAuthoritative on

  # Do basic password authentication in the clear
   AuthType Basic
   AuthBasicProvider ldap
  # The name of the protected area or "realm"
   AuthName "UEFI Subversion Repository"

  # Active Directory requires an authenticating DN to access records
  # This is the DN used to bind to the directory service
  # This is an Active Directory user account
  AuthLDAPBindDN "CN=LDAP_RO,CN=USERS,DC=PHOENIX,DC=COM"

  # This is the password for the AuthLDAPBindDN user in Active Directory
  AuthLDAPBindPassword H3r3Buggy

  # The LDAP query URL
  # Format: scheme://host:port/basedn?attribute?scope?filter
  # The URL below will search for all objects recursively below the basedn
  # and validate against the sAMAccountName attribute
  AuthLDAPURL "ldap://134.122.1.67:389/ou=phoenix,dc=phoenix,dc=com?sAMAccountName?sub?(objectClass=*)"

  # Require authentication for this Location
  Require valid-user

  AuthzSVNAccessFile /usr/local/apache2/conf/authz

</Location>
authz:
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
Victor_Gong = CN=Victor Gong,OU=Nanjing,OU=China,OU=Personnel,OU=People,OU=Phoenix,DC=phoenix,DC=com
Received on 2008-09-19 17:51:35 CEST
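
The two points raised in the reply can be checked mechanically. The following is an added example, not part of either mail and not Subversion's own code: it flags `[aliases]` entries whose value is an LDAP DN and path sections that grant access to a group while everyone else still inherits a `*` rule from a parent section. It assumes the server passes the login name (sAMAccountName) to the authz check, as the reply describes; the sample file, `audit`, `ancestors` and the finding labels are constructed for illustration, and only `*` rules on parent sections are considered.

```python
import configparser

# Constructed sample (not the poster's file): a DN-valued alias, one section
# with an explicit deny and one without.
SAMPLE = """\
[aliases]
example_user = CN=Example User,OU=People,DC=example,DC=com
[groups]
pmd = jn00011,z1416ge
mfe = et1038
[test:/]
* = r
[test:/pmd]
@pmd = rw
~pmd =
[test:/mfe]
@mfe = rw
"""

def ancestors(section):
    """Yield parent sections, nearest first, repository-specific before generic."""
    repo, sep, path = section.rpartition(":")
    while "/" in path and path != "/":
        path = path.rsplit("/", 1)[0] or "/"
        if sep:
            yield f"{repo}:{path}"
        yield path

def audit(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep user and group names exactly as written
    cp.read_string(text)
    findings = []
    # Assumption: the authenticated name is the sAMAccountName, so an alias
    # whose value is a DN never matches the logged-in user.
    if cp.has_section("aliases"):
        for alias, target in cp.items("aliases"):
            if "=" in target and "," in target:
                findings.append(("alias-is-dn", alias))
    for sec in cp.sections():
        if sec in ("aliases", "groups"):
            continue
        rules = dict(cp.items(sec))
        grants = [n for n, v in rules.items() if v.strip() and n != "*"]
        denies_rest = any(not v.strip() and n.startswith("~") for n, v in rules.items())
        if not grants or "*" in rules or denies_rest:
            continue
        for anc in ancestors(sec):  # nearest "*" rule decides for everyone else
            if cp.has_section(anc) and "*" in cp[anc]:
                if cp[anc]["*"].strip():
                    findings.append(("inherits-access", sec, anc))
                break
    return findings
```

On the sample, `[test:/mfe]` is reported because users outside `mfe` still get the read access granted by `* = r` in `[test:/]`, while `[test:/pmd]` is not, since it carries the explicit empty `~` rule.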

This is an archived mail posted to the Subversion Users mailing list.
