Thanks - with an extra "Order allow,deny" I think that did the trick.
Cheers,
Tony
On Tue, Oct 28, 2008 at 12:04 AM, Steve Whitson <steven.whitson_at_gmail.com>wrote:
> With the svn configuration you have, and using typical apache rules,
> adding the two lines (as noted below) should do the trick. Change
> 227.112.56.34 to the ip address of the system you allow access from.
>
> Pthagonal wrote:
>
> Hi,
>
> I have a subversion installation working well using apache and an LDAP
> backend to authenticate our users. The code contained in the repositories is
> private and thus we currently have no anonymous access. The developers have
> an internal test server and various of them use it to check out the latest
> build to a shared area to test it. However they can't store their
> credentials on the test server else other staff can then access those cached
> credentials, and they would prefer the server have a read-only access to
> subversion that isn't dependant on who is logged in so they can update the
> current checked out code easily.
>
> We can't risk creating a non-staff member ldap user who can check out code
> to any pc, but we are prepared to allow read-only anonymous checkouts to the
> specific internal ip address of the test server. Commits must always be in a
> real user's name.
>
> So my question is how best to accomplish this? Has anyone else already
> worked out a neat way to do this?
>
> Current apache config snippet:
>
> <Location /repos>
> DAV svn
> SVNParentPath /data/repos
> AuthzSVNAccessFile /data/repos/accessrules
> # Require SSL connection for password protection.
> SSLRequireSSL
>
> AuthType Basic
> AuthName "subversion repositories"
> AuthBasicProvider ldap
> AuthLDAPURL ldaps://ldaps.company.com/dc=company
> AuthzLDAPAuthoritative off
> Require valid-user
>
> Allow from 227.112.56.34
> Satisfy any
>
> </Location>
>
> And then in the accessrules we aren't keeping any users out of any repos
> yet:
>
> [repo1:/]
> * = rw
>
> [repo2:/]
> * = rw
>
> [tools:/]
> * = rw
>
> [sandbox:/]
> * = rw
>
> [websites:/]
> * = rw
>
>
Received on 2008-10-28 17:13:04 CET