Martin Opitz wrote:
> no, i do not have wildcards in the DAV.
> I do not even have groups in my DAV setup.
> I simply see that the require ldap-group Statement is not enforced as it
> should be.
We have almost the exact same set-up and it works here.
The two differences I see are that we authenticate
against an AD server (using LDAP) and that that we've got
in the <Location> directory.
It took a while before I understood why my simple test
setup worked while our main repository didn't. The
difference was that the test setup did not use "* = r"
in the access file.
> Daniel Widenfalk schrieb:
>> Martin Opitz wrote:
>>> I'm trying to combine AuthzSVNAccessFile and (LDAP) AuthGroupFile,
>>> but it seems that the require-ldap group directive is overridden by
>>> Here is my config:
>>> <Location /svn>
>>> DAV svn
>>> SVNParentPath /webserver/svn/repositories
>>> SVNListParentPath on
>>> AuthName "Subversion Repository"
>>> AuthzSVNAccessFile /webserver/svn/dav_svn.authz
>>> AuthzSVNAuthoritative off
>>> AuthType Basic
>>> AuthBasicProvider ldap
>>> AuthLDAPURL "ldap://oceanix majestix/dc=xyz,dc=de?uid" NONE
>>> AuthBasicAuthoritative on
>>> Require ldap-group cn=mm_cvs_std,cn=groups,dc=xyz,dc=de
>> Do you have "* = r" in your access file? I've found that
>> having "* = r" in the access file bypasses the ldap-group
>> requirement. This allows all users that can authenticate
>> themselves against the ldap server to access the Subversion
>> /Daniel Widenfalk
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-03-18 15:39:58 CET