[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Adding anonymous read only access from one IP address

From: Steve Whitson <steven.whitson_at_gmail.com>
Date: Mon, 27 Oct 2008 19:04:17 -0500

With the svn configuration you have, and using typical apache rules,
adding the two lines (as noted below) should do the trick. Change
227.112.56.34 to the ip address of the system you allow access from.

Pthagonal wrote:
> Hi,
>
> I have a subversion installation working well using apache and an LDAP
> backend to authenticate our users. The code contained in the
> repositories is private and thus we currently have no anonymous
> access. The developers have an internal test server and various of
> them use it to check out the latest build to a shared area to test
> it. However they can't store their credentials on the test server
> else other staff can then access those cached credentials, and they
> would prefer the server have a read-only access to subversion that
> isn't dependant on who is logged in so they can update the current
> checked out code easily.
>
> We can't risk creating a non-staff member ldap user who can check out
> code to any pc, but we are prepared to allow read-only anonymous
> checkouts to the specific internal ip address of the test server.
> Commits must always be in a real user's name.
>
> So my question is how best to accomplish this? Has anyone else already
> worked out a neat way to do this?
>
> Current apache config snippet:
>
> <Location /repos>
> DAV svn
> SVNParentPath /data/repos
> AuthzSVNAccessFile /data/repos/accessrules
> # Require SSL connection for password protection.
> SSLRequireSSL
>
> AuthType Basic
> AuthName "subversion repositories"
> AuthBasicProvider ldap
> AuthLDAPURL ldaps://ldaps.company.com/dc=company
> <http://ldaps.company.com/dc=company>
> AuthzLDAPAuthoritative off
> Require valid-user
        Allow from 227.112.56.34
        Satisfy any
> </Location>
>
> And then in the accessrules we aren't keeping any users out of any
> repos yet:
>
> [repo1:/]
> * = rw
>
> [repo2:/]
> * = rw
>
> [tools:/]
> * = rw
>
> [sandbox:/]
> * = rw
>
> [websites:/]
> * = rw
>
>
> Cheers,
>
> Tony
Received on 2008-10-28 01:04:40 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.