[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Limiting permission's

From: Patricia A Moss <pmoss4_at_csc.com>
Date: Thu, 11 Jun 2009 13:07:51 -0400

Can anyone lend an understanding to this

Here is my config file.

<AuthnProviderAlias ldap ldap-FCGNET>
       AuthLDAPBindDN FCGNET\svnaccount
       AuthLDAPBindPassword svnpasswd
       AuthLDAPURL
ldap://servername:3268/DC=domainname,DC=com?samAccountName?sub?(objectCategory=person)

</AuthnProviderAlias>

<Location /zorch>
dav svn
SVNPath /disk01/home/zorch
AuthType Basic
AuthBasicProvider ldap-FCGNET
AuthName "CSC Subversion Repository"
AuthzLDAPAuthoritative off
Require valid-user
##
# Allows group to have read access to the repository
<Limit GET PROPFIND OPTIONS REPORT>
       Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</Limit>
# Allows group to have write access to the repository
<LimitExcept GET PROPFIND OPTIONS REPORT>
       Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</LimitExcept>
</Location>

It is my understanding that "<Limit GET PROPFIND OPTIONS REPORT>" and
<LimitExcept GET PROPFIND OPTIONS REPORT>" are used to distiguish between
read only permission's and read/write permissions. Is this correct?

Do I need the "AuthBasicProvider ldap-FCGNET" entry?
It seems that with it included ANY FCGNET account has access to the
repository.
 
Also, I was under the impression that the "Require ldap-user " entry was
what would need to be added to give a single user access to the
repository. However, when I include the entry I still do not have access
to the repository.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2361380

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-11 19:08:53 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.