[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Can I disable directory listing using mod_dav_svn?

From: Griffith, Michael * <Michael.Griffith_at_fda.hhs.gov>
Date: Thu, 20 Nov 2008 14:28:34 -0500

David,

Thanks for the reply. I really have 2 issues -- maybe I should not have
tried to cover them in one post.

Issue #1) I want to allow authentication through Apache/LDAP
integration, but control authorization separately. Can this be done?
Issue #2) Can I disable directory listings using mod_dav_svn? I don't
want to allow browsing of the entire repository...

Thanks,

MG

-----Original Message-----
From: David Weintraub [mailto:qazwart_at_gmail.com]
Sent: Thursday, November 20, 2008 1:04 PM
To: Griffith, Michael *
Cc: users_at_subversion.tigris.org
Subject: Re: Can I disable directory listing using mod_dav_svn?

Well, you can setup Apache with it's own users. This is setup via a text
file that lives somewhere inside the Apache http configuration
directory. If you don't have an Apache account, you simply don't have
any access to Subversion: Read, Write, or List.

See:
<http://svnbook.red-bean.com/en/1.5/svn.serverconfig.httpd.html#svn.serv
erconfig.httpd.authn.basic>

In the past, I've written PHP scripts that allow users to setup and
change their own Apache passwords. All you have to do is read and write
this file back out.

You have to be careful about what would happen if more than one user
updates this file at the same time, but it's not that difficult. I never
did this for a Subversion site, but it would be more or less the same
task.

That would handle what you're trying to do.

--
David Weintraub
qazwart_at_gmail.com
On Wed, Nov 19, 2008 at 4:27 PM, Griffith, Michael *
<Michael.Griffith_at_fda.hhs.gov> wrote:
> Hello everyone,
>
> I am using SVN 1.5.4, configured to use web dav /Apache 2.2 using 
> mod_dav_svn.  I don't want to expose the entire repository to just 
> anyone that has the URL, but instead want my users to register and 
> agree to usage terms before being able to check out code from the
repository.
>
> Is there any way to disable directory listings for mod_dav_svn?  I 
> tried adding Options -Indexes to the location, but that did not work.
>
> My configuration looks like this:
>
> ## SVN Repository Location
> <Location /svn/repos>
>    Options -Indexes
>    DAV svn
>    # Directory containing all repository for this path
>    SVNPath  /home/subversion/repos
>
>    AuthType Basic
>    AuthName "SVN Repository"
>    AuthBasicProvider ldap
>    AuthzLDAPAuthoritative  on
>   # This is an Active Directory user account
>   AuthLDAPBindDN cn=####,dc=###,dc=####
>
>   # This is the password for the AuthLDAPBindDN user in Active
Directory
>   AuthLDAPBindPassword #####
>
>   # The LDAP query URL
>   #AuthLDAPURL
>
"ldap://your.domain:389/DC=your,DC=domain?sAMAccountName?sub?(objectClas
s=*)"
>   # Require authentication for this Location
>   Require valid-user
> </Location>
>
> The authentication works well against LDAP -- is there a way to 
> control the directory access via a DB select? For instance after the 
> user has registered with me and agreed to usage I will add their user 
> id to a list and they would then be permitted to get the source code 
> using a SVN co command?  I want to handle this all pragmatically.  The
> only thing I was able to find was this:
> http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.htm
> l -- which is not quite what I want to do...
>
> If you've read all of this -- thank you! Any help would be
appreciated.
>
> Thanks in advance,
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-11-20 20:29:11 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.