Jason,
How does that separate between groups that can read and groups that can
read and write?
Also, those lines are already within my location block. Thanks.
PATI MOSS
System Engineer Sr. Professional
CSC
Jason Malinowski <jason_at_jason-m.com>
06/10/2009 04:29 PM
To
Patricia A Moss/GIS/CSC_at_CSC, users_at_subversion.tigris.org
cc
Subject
RE: Limiting permission's
If you're just trying to restrict read and write to a single group in an
all-or-nothing approach, you should be able to skip the Limit stuff and
just simple do
Require valid-user
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
Inside the <Location> tag.
Jason Malinowski
-----Original Message-----
From: Patricia A Moss [mailto:pmoss4_at_csc.com]
Sent: Wednesday, June 10, 2009 1:04 PM
To: users_at_subversion.tigris.org
Subject: Limiting permission's
I have Subversion version 1.7.0 installed and configured. I am trying
to figure out how to limit access to a repository to a single group.
This is how my config file is set up.
<AuthnProviderAlias ldap ldap-FCGNET>
AuthLDAPBindDN FCGNET\svnaccount
AuthLDAPBindPassword svnpasswd
AuthLDAPURL
ldap://servername:3268/DC=domainname,DC=com?samAccountName?sub?
(objectCategory=person)
<Location /zorch>
dav svn
SVNPath /disk01/home/zorch
AuthType Basic
AuthBasicProvider ldap-FCGNET
AuthName "CSC Subversion Repository"
AuthzLDAPAuthoritative off
Require valid-user
##
# Allows group to have read access to the repository
<Limit GET PROPFIND OPTIONS REPORT>
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</Limit>
# Allows group to have write access to the repository
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</LimitExcept>
</Location>
Do I need to have the "AuthBasicProvider ldap-FCGNET" line if I have
entries for "Limit" and "LimitExcept"?
Are the "Limit" and "LimitExcept" entries the correct way to limit
access to a specific group only?
Any help is appreciated. Thank you
PATI MOSS
System Engineer Sr. Professional
CSC
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2361067
To unsubscribe from this discussion, e-mail:
[users-unsubscribe_at_subversion.tigris.org].
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2361227
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-11 12:36:07 CEST