[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Limiting permission's

From: Patricia A Moss <pmoss4_at_csc.com>
Date: Thu, 11 Jun 2009 06:34:46 -0400

Jason,

How does that separate between groups that can read and groups that can
read and write?
Also, those lines are already within my location block. Thanks.

PATI MOSS
System Engineer Sr. Professional
CSC

Jason Malinowski <jason_at_jason-m.com>
06/10/2009 04:29 PM

To
Patricia A Moss/GIS/CSC_at_CSC, users_at_subversion.tigris.org
cc

Subject
RE: Limiting permission's

If you're just trying to restrict read and write to a single group in an
all-or-nothing approach, you should be able to skip the Limit stuff and
just simple do

Require valid-user
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com

Inside the <Location> tag.

Jason Malinowski

-----Original Message-----
From: Patricia A Moss [mailto:pmoss4_at_csc.com]
Sent: Wednesday, June 10, 2009 1:04 PM
To: users_at_subversion.tigris.org
Subject: Limiting permission's

I have Subversion version 1.7.0 installed and configured. I am trying
to figure out how to limit access to a repository to a single group.
This is how my config file is set up.

<AuthnProviderAlias ldap ldap-FCGNET>
        AuthLDAPBindDN FCGNET\svnaccount
        AuthLDAPBindPassword svnpasswd
        AuthLDAPURL
ldap://servername:3268/DC=domainname,DC=com?samAccountName?sub?
(objectCategory=person)
<Location /zorch>
dav svn
SVNPath /disk01/home/zorch
AuthType Basic
AuthBasicProvider ldap-FCGNET
AuthName "CSC Subversion Repository"
AuthzLDAPAuthoritative off
Require valid-user
##
# Allows group to have read access to the repository
<Limit GET PROPFIND OPTIONS REPORT>
        Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</Limit>
# Allows group to have write access to the repository
<LimitExcept GET PROPFIND OPTIONS REPORT>
        Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</LimitExcept>
</Location>

Do I need to have the "AuthBasicProvider ldap-FCGNET" line if I have
entries for "Limit" and "LimitExcept"?
Are the "Limit" and "LimitExcept" entries the correct way to limit
access to a specific group only?

Any help is appreciated. Thank you

PATI MOSS
System Engineer Sr. Professional
CSC

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2361067

To unsubscribe from this discussion, e-mail:
[users-unsubscribe_at_subversion.tigris.org].

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2361227

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-11 12:36:07 CEST

This is an archived mail posted to the Subversion Users mailing list.