Re: Adding anonymous read only access from one IP address

From: Pthagonal <pthagonal_at_gmail.com>
Date: Tue, 28 Oct 2008 16:12:35 +0000

Thanks - with an extra "Order allow,deny" I think that did the trick.

Cheers,

Tony

On Tue, Oct 28, 2008 at 12:04 AM, Steve Whitson <steven.whitson_at_gmail.com>wrote:

> With the svn configuration you have, and using typical apache rules,
> adding the two lines (as noted below) should do the trick. Change
> 227.112.56.34 to the ip address of the system you allow access from.
>
> Pthagonal wrote:
>
> Hi,
>
> I have a subversion installation working well using apache and an LDAP
> backend to authenticate our users. The code contained in the repositories is
> private and thus we currently have no anonymous access. The developers have
> an internal test server and various of them use it to check out the latest
> build to a shared area to test it. However they can't store their
> credentials on the test server else other staff can then access those cached
> credentials, and they would prefer the server have a read-only access to
> subversion that isn't dependant on who is logged in so they can update the
> current checked out code easily.
>
> We can't risk creating a non-staff member ldap user who can check out code
> to any pc, but we are prepared to allow read-only anonymous checkouts to the
> specific internal ip address of the test server. Commits must always be in a
> real user's name.
>
> So my question is how best to accomplish this? Has anyone else already
> worked out a neat way to do this?
>
> Current apache config snippet:
>
> <Location /repos>
> DAV svn
> SVNParentPath /data/repos
> AuthzSVNAccessFile /data/repos/accessrules
> # Require SSL connection for password protection.
> SSLRequireSSL
>
> AuthType Basic
> AuthName "subversion repositories"
> AuthBasicProvider ldap
> AuthLDAPURL ldaps://ldaps.company.com/dc=company
> AuthzLDAPAuthoritative off
> Require valid-user
>
> Allow from 227.112.56.34
> Satisfy any
>
> </Location>
>
> And then in the accessrules we aren't keeping any users out of any repos
> yet:
>
> [repo1:/]
> * = rw
>
> [repo2:/]
> * = rw
>
> [tools:/]
> * = rw
>
> [sandbox:/]
> * = rw
>
> [websites:/]
> * = rw
>
>
Received on 2008-10-28 17:13:04 CET

This message: [ Message body ]
Next message: Marziou, Gael: "Zombie files prevent me from re-adding deleted file"
Previous message: kmradke_at_rockwellcollins.com: "Re: Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: Problem using subversion on a large repository"
In reply to: Steve Whitson: "Re: Adding anonymous read only access from one IP address"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]