Martin Opitz wrote:
> Daniel,
>
> no, i do not have wildcards in the DAV.
> I do not even have groups in my DAV setup.
>
> I simply see that the require ldap-group Statement is not enforced as it
> should be.
We have almost the exact same set-up and it works here.
The two differences I see are that we authenticate
against an AD server (using LDAP) and that that we've got
AuthLDAPBindDN "{subversion-user}"
AuthLDAPBindPassword "{subversion-password}"
in the <Location> directory.
It took a while before I understood why my simple test
setup worked while our main repository didn't. The
difference was that the test setup did not use "* = r"
in the access file.
/Daniel
> Daniel Widenfalk schrieb:
>> Martin Opitz wrote:
>>> I'm trying to combine AuthzSVNAccessFile and (LDAP) AuthGroupFile,
>>> but it seems that the require-ldap group directive is overridden by
>>> AuthzSVNAccessFile.
>>>
>>> Here is my config:
>>> <Location /svn>
>>>
>>> DAV svn
>>>
>>> SVNParentPath /webserver/svn/repositories
>>> SVNListParentPath on
>>>
>>> AuthName "Subversion Repository"
>>>
>>> AuthzSVNAccessFile /webserver/svn/dav_svn.authz
>>> AuthzSVNAuthoritative off
>>>
>>> AuthType Basic
>>> AuthBasicProvider ldap
>>> AuthLDAPURL "ldap://oceanix majestix/dc=xyz,dc=de?uid" NONE
>>> AuthBasicAuthoritative on
>>> Require ldap-group cn=mm_cvs_std,cn=groups,dc=xyz,dc=de
>>>
>>> </Location>
>>
>> Do you have "* = r" in your access file? I've found that
>> having "* = r" in the access file bypasses the ldap-group
>> requirement. This allows all users that can authenticate
>> themselves against the ldap server to access the Subversion
>> repository.
>>
>> Regards
>> /Daniel Widenfalk
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1348794
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-03-18 15:39:58 CET