RE: Limiting permission's

From: Jason Malinowski <jason_at_jason-m.com>
Date: Wed, 10 Jun 2009 15:29:14 -0500

If you're just trying to restrict read and write to a single group in an
all-or-nothing approach, you should be able to skip the Limit stuff and
just simple do

Require valid-user
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com

Inside the <Location> tag.

Jason Malinowski

-----Original Message-----
From: Patricia A Moss [mailto:pmoss4_at_csc.com]
Sent: Wednesday, June 10, 2009 1:04 PM
To: users_at_subversion.tigris.org
Subject: Limiting permission's

I have Subversion version 1.7.0 installed and configured. I am trying
to figure out how to limit access to a repository to a single group.
This is how my config file is set up.

<AuthnProviderAlias ldap ldap-FCGNET>
        AuthLDAPBindDN FCGNET\svnaccount
        AuthLDAPBindPassword svnpasswd
        AuthLDAPURL
ldap://servername:3268/DC=domainname,DC=com?samAccountName?sub?
(objectCategory=person)
<Location /zorch>
dav svn
SVNPath /disk01/home/zorch
AuthType Basic
AuthBasicProvider ldap-FCGNET
AuthName "CSC Subversion Repository"
AuthzLDAPAuthoritative off
Require valid-user
##
# Allows group to have read access to the repository
<Limit GET PROPFIND OPTIONS REPORT>
        Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</Limit>
# Allows group to have write access to the repository
<LimitExcept GET PROPFIND OPTIONS REPORT>
        Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</LimitExcept>
</Location>

Do I need to have the "AuthBasicProvider ldap-FCGNET" line if I have
entries for "Limit" and "LimitExcept"?
Are the "Limit" and "LimitExcept" entries the correct way to limit
access to a specific group only?

Any help is appreciated. Thank you

PATI MOSS
System Engineer Sr. Professional
CSC

575 E. Swedesford Road, Suite 300, Wayne, PA 19464
GIS | p: 610.989.7105 | f: 610.989.7100 | pmoss4_at_csc.com | www.csc.com

This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC
to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of
e-mail for such purpose.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2361067

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-10 22:30:14 CEST

This message: [ Message body ]
Next message: Steve Iribarne (GMail): "post-commit setting reply-to properly"
Previous message: Blair Zajac: "Re: Directly commit in svn without a workingdirectory"
In reply to: Patricia A Moss: "Limiting permission's"
Next in thread: Patricia A Moss: "RE: Limiting permission's"
Reply: Patricia A Moss: "RE: Limiting permission's"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]