[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: LDAP, auth file and CN

From: Jeremy Whitlock <jcscoobyrs_at_gmail.com>
Date: Mon, 30 Mar 2009 11:05:26 -0600

> [groups]
> svn-admin = svn, svn_gt, svn_hp, svn_jn, svnsync
> developers = "CN=Giulio Troccoli,OU=BGC,OU=Users,OU=London,OU=North"
>
> [svn-test:/]
> @svn-admin = rw
> @developers = rw
>
> Which would work no matter how I authenticae. However it's a PITA to write for all developers, testers, and other groups we are planning to authorize (or not).

I wrote a script that will take group definitions in a directory
server (LDAP as you say it) and reproduce those groups within
Subversion's authz file so you can do group-level permissioning:
http://www.thoughtspark.org/node/26 It will not fix the casing issue,
which isn't really Subversion's fault because some systems are case
sensitive.

> What I would like is to be able to use any case for my id (even gTroCcOli) if I want, then the LDAP module returned only the Common Name (Giulio Troccoli) and I can use that in the auth file
>
> [groups]
> svn-admin = svn, svn_gt, svn_hp, svn_jn, svnsync
> developers = Giulio Troccoli
>
> [svn-test:/]
> @svn-admin = rw
> @developers = rw
>
> Is it at all possible?

Yes. You tell Apache what object attribute to use for the user id. I
know you said you didn't find a good LDAP article for Apache but it
just so happens I wrote one recently that describes every pieces of
this: http://blogs.open.collab.net/svn/2009/03/subversion-with-apache-and-ldap-updated.html
 Let me know if you are still having troubles.

-- 
Take care,
Jeremy Whitlock
http://www.thoughtspark.org
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1483917
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-03-30 19:08:12 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.