If you're just trying to restrict read and write to a single group in an
all-or-nothing approach, you should be able to skip the Limit stuff and
just simple do
Require valid-user
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
Inside the <Location> tag.
Jason Malinowski
-----Original Message-----
From: Patricia A Moss [mailto:pmoss4_at_csc.com]
Sent: Wednesday, June 10, 2009 1:04 PM
To: users_at_subversion.tigris.org
Subject: Limiting permission's
I have Subversion version 1.7.0 installed and configured. I am trying
to figure out how to limit access to a repository to a single group.
This is how my config file is set up.
<AuthnProviderAlias ldap ldap-FCGNET>
AuthLDAPBindDN FCGNET\svnaccount
AuthLDAPBindPassword svnpasswd
AuthLDAPURL
ldap://servername:3268/DC=domainname,DC=com?samAccountName?sub?
(objectCategory=person)
<Location /zorch>
dav svn
SVNPath /disk01/home/zorch
AuthType Basic
AuthBasicProvider ldap-FCGNET
AuthName "CSC Subversion Repository"
AuthzLDAPAuthoritative off
Require valid-user
##
# Allows group to have read access to the repository
<Limit GET PROPFIND OPTIONS REPORT>
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</Limit>
# Allows group to have write access to the repository
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</LimitExcept>
</Location>
Do I need to have the "AuthBasicProvider ldap-FCGNET" line if I have
entries for "Limit" and "LimitExcept"?
Are the "Limit" and "LimitExcept" entries the correct way to limit
access to a specific group only?
Any help is appreciated. Thank you
PATI MOSS
System Engineer Sr. Professional
CSC
575 E. Swedesford Road, Suite 300, Wayne, PA 19464
GIS | p: 610.989.7105 | f: 610.989.7100 | pmoss4_at_csc.com | www.csc.com
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC
to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of
e-mail for such purpose.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2361067
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-10 22:30:14 CEST