Daniel,
no, i do not have wildcards in the DAV.
I do not even have groups in my DAV setup.
I simply see that the require ldap-group Statement is not enforced as it
should be.
Daniel Widenfalk schrieb:
> Martin Opitz wrote:
>> I'm trying to combine AuthzSVNAccessFile and (LDAP) AuthGroupFile, but
>> it seems that the require-ldap group directive is overridden by
>> AuthzSVNAccessFile.
>>
>> Here is my config:
>> <Location /svn>
>>
>> DAV svn
>>
>> SVNParentPath /webserver/svn/repositories
>> SVNListParentPath on
>>
>> AuthName "Subversion Repository"
>>
>> AuthzSVNAccessFile /webserver/svn/dav_svn.authz
>> AuthzSVNAuthoritative off
>>
>> AuthType Basic
>> AuthBasicProvider ldap
>> AuthLDAPURL "ldap://oceanix majestix/dc=xyz,dc=de?uid" NONE
>> AuthBasicAuthoritative on
>> Require ldap-group cn=mm_cvs_std,cn=groups,dc=xyz,dc=de
>>
>> </Location>
>
> Do you have "* = r" in your access file? I've found that
> having "* = r" in the access file bypasses the ldap-group
> requirement. This allows all users that can authenticate
> themselves against the ldap server to access the Subversion
> repository.
>
> Regards
> /Daniel Widenfalk
>
>
>
>
> ------------------------------------------------------------------------
>
>
>
> +----------------------------------------------------------------------+
> | Z1 SecureMail Gateway Info - http://www.zertificon.com |
> +----------------------------------------------------------------------+
> | - Die Nachricht war weder verschluesselt noch digital unterschrieben |
> +----------------------------------------------------------------------+
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1348573
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-03-18 15:41:44 CET