[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Limiting permission's

From: Patricia A Moss <pmoss4_at_csc.com>
Date: Fri, 12 Jun 2009 07:02:06 -0400

Can someone please help me to resolve the issue of limiting access to a
single group and/or user to the repository?

PATI MOSS
System Engineer Sr. Professional
CSC

Patricia A Moss/GIS/CSC_at_CSC
06/11/2009 01:07 PM

To
users_at_subversion.tigris.org
cc

Subject
RE: Limiting permission's

Can anyone lend an understanding to this

Here is my config file.

<AuthnProviderAlias ldap ldap-FCGNET>
      AuthLDAPBindDN FCGNET\svnaccount
      AuthLDAPBindPassword svnpasswd
      AuthLDAPURL
ldap://servername:3268/DC=domainname,DC=com?samAccountName?sub?(objectCategory=person)

</AuthnProviderAlias>

<Location /zorch>
dav svn
SVNPath /disk01/home/zorch
AuthType Basic
AuthBasicProvider ldap-FCGNET
AuthName "CSC Subversion Repository"
AuthzLDAPAuthoritative off
Require valid-user
##
# Allows group to have read access to the repository
<Limit GET PROPFIND OPTIONS REPORT>
      Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</Limit>
# Allows group to have write access to the repository
<LimitExcept GET PROPFIND OPTIONS REPORT>
      Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</LimitExcept>
</Location>

It is my understanding that "<Limit GET PROPFIND OPTIONS REPORT>" and
<LimitExcept GET PROPFIND OPTIONS REPORT>" are used to distiguish between
read only permission's and read/write permissions. Is this correct?

Do I need the "AuthBasicProvider ldap-FCGNET" entry?
It seems that with it included ANY FCGNET account has access to the
repository.
  
Also, I was under the impression that the "Require ldap-user " entry was
what would need to be added to give a single user access to the
repository. However, when I include the entry I still do not have access
to the repository.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2361569

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-12 13:03:09 CEST

This is an archived mail posted to the Subversion Users mailing list.