Can someone please help me to resolve the issue of limiting access to a
single group and/or user to the repository?
PATI MOSS
System Engineer Sr. Professional
CSC
Patricia A Moss/GIS/CSC_at_CSC
06/11/2009 01:07 PM
To
users_at_subversion.tigris.org
cc
Subject
RE: Limiting permission's
Can anyone lend an understanding to this
Here is my config file.
<AuthnProviderAlias ldap ldap-FCGNET>
AuthLDAPBindDN FCGNET\svnaccount
AuthLDAPBindPassword svnpasswd
AuthLDAPURL
ldap://servername:3268/DC=domainname,DC=com?samAccountName?sub?(objectCategory=person)
</AuthnProviderAlias>
<Location /zorch>
dav svn
SVNPath /disk01/home/zorch
AuthType Basic
AuthBasicProvider ldap-FCGNET
AuthName "CSC Subversion Repository"
AuthzLDAPAuthoritative off
Require valid-user
##
# Allows group to have read access to the repository
<Limit GET PROPFIND OPTIONS REPORT>
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</Limit>
# Allows group to have write access to the repository
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require ldap-group CN=PRJ
FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</LimitExcept>
</Location>
It is my understanding that "<Limit GET PROPFIND OPTIONS REPORT>" and
<LimitExcept GET PROPFIND OPTIONS REPORT>" are used to distiguish between
read only permission's and read/write permissions. Is this correct?
Do I need the "AuthBasicProvider ldap-FCGNET" entry?
It seems that with it included ANY FCGNET account has access to the
repository.
Also, I was under the impression that the "Require ldap-user " entry was
what would need to be added to give a single user access to the
repository. However, when I include the entry I still do not have access
to the repository.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2361569
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-12 13:03:09 CEST