Re: AuthzSVNAccessFile AuthGroupFile

From: Daniel Widenfalk <Daniel.Widenfalk_at_iar.se>
Date: Wed, 18 Mar 2009 14:18:00 +0100

Martin Opitz wrote:
> I'm trying to combine AuthzSVNAccessFile and (LDAP) AuthGroupFile, but
> it seems that the require-ldap group directive is overridden by
> AuthzSVNAccessFile.
>
> Here is my config:
> <Location /svn>
>
> DAV svn
>
> SVNParentPath /webserver/svn/repositories
> SVNListParentPath on
>
> AuthName "Subversion Repository"
>
> AuthzSVNAccessFile /webserver/svn/dav_svn.authz
> AuthzSVNAuthoritative off
>
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPURL "ldap://oceanix majestix/dc=xyz,dc=de?uid" NONE
> AuthBasicAuthoritative on
> Require ldap-group cn=mm_cvs_std,cn=groups,dc=xyz,dc=de
>
> </Location>

Do you have "* = r" in your access file? I've found that
having "* = r" in the access file bypasses the ldap-group
requirement. This allows all users that can authenticate
themselves against the ldap server to access the Subversion
repository.

Regards
/Daniel Widenfalk

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1348290

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-03-18 14:25:01 CET

This message: [ Message body ]
Next message: Stefan Sperling: "Re: svn over vpn"
Previous message: Greg Troxel: "Re: svn over HTTPS works everywhere but on the server host itself"
In reply to: Martin Opitz: "AuthzSVNAccessFile AuthGroupFile"
Next in thread: Martin Opitz: "Re: AuthzSVNAccessFile AuthGroupFile"
Reply: Martin Opitz: "Re: AuthzSVNAccessFile AuthGroupFile"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]