Hi,
I have a subversion installation working well using apache and an LDAP
backend to authenticate our users. The code contained in the repositories is
private and thus we currently have no anonymous access. The developers have
an internal test server and various of them use it to check out the latest
build to a shared area to test it. However they can't store their
credentials on the test server else other staff can then access those cached
credentials, and they would prefer the server have a read-only access to
subversion that isn't dependant on who is logged in so they can update the
current checked out code easily.
We can't risk creating a non-staff member ldap user who can check out code
to any pc, but we are prepared to allow read-only anonymous checkouts to the
specific internal ip address of the test server. Commits must always be in a
real user's name.
So my question is how best to accomplish this? Has anyone else already
worked out a neat way to do this?
Current apache config snippet:
<Location /repos>
DAV svn
SVNParentPath /data/repos
AuthzSVNAccessFile /data/repos/accessrules
# Require SSL connection for password protection.
SSLRequireSSL
AuthType Basic
AuthName "subversion repositories"
AuthBasicProvider ldap
AuthLDAPURL ldaps://ldaps.company.com/dc=company
AuthzLDAPAuthoritative off
Require valid-user
</Location>
And then in the accessrules we aren't keeping any users out of any repos
yet:
[repo1:/]
* = rw
[repo2:/]
* = rw
[tools:/]
* = rw
[sandbox:/]
* = rw
[websites:/]
* = rw
Cheers,
Tony
Received on 2008-10-27 23:54:39 CET