[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Limiting permission's

From: Geir Engebakken <geir.engebakken_at_edb.com>
Date: Mon, 15 Jun 2009 16:54:16 +0200

I guess Collabnet itself supplies consultancy support on a payment basis?

Btw have you looked at these :

http://blogs.open.collab.net/svn/2009/03/subversion-with-apache-and-ldap-updated.html

Especially this one, where LDAP groups are being used to limit access :

http://www.thoughtspark.org/node/26

Geir
From: Patricia A Moss [mailto:pmoss4_at_csc.com]
Sent: 15. juni 2009 15:21
To: Patricia A Moss
Cc: users_at_subversion.tigris.org
Subject: RE: Limiting permission's

Does anyone know of any other means by which I can get support with Subversion? This list doesn't seem to be of much help.
I've been googling, but can not find a solution.

PATI MOSS
System Engineer Sr. Professional
CSC

Patricia A Moss/GIS/CSC_at_CSC

06/12/2009 07:02 AM

To

users_at_subversion.tigris.org

cc

Subject

RE: Limiting permission's

Can someone please help me to resolve the issue of limiting access to a single group and/or user to the repository?

PATI MOSS
System Engineer Sr. Professional
CSC

Patricia A Moss/GIS/CSC_at_CSC

06/11/2009 01:07 PM

To

users_at_subversion.tigris.org

cc

Subject

RE: Limiting permission's

Can anyone lend an understanding to this

Here is my config file.

<AuthnProviderAlias ldap ldap-FCGNET>
    AuthLDAPBindDN FCGNET\svnaccount
    AuthLDAPBindPassword svnpasswd
    AuthLDAPURL ldap://servername:3268/DC=domainname,DC=com?samAccountName?sub?(objectCategory=person)
</AuthnProviderAlias>

<Location /zorch>
dav svn
SVNPath /disk01/home/zorch
AuthType Basic
AuthBasicProvider ldap-FCGNET
AuthName "CSC Subversion Repository"
AuthzLDAPAuthoritative off
Require valid-user
##
# Allows group to have read access to the repository
<Limit GET PROPFIND OPTIONS REPORT>
    Require ldap-group CN=PRJ FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</Limit>
# Allows group to have write access to the repository
<LimitExcept GET PROPFIND OPTIONS REPORT>
    Require ldap-group CN=PRJ FP-Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
</LimitExcept>
</Location>

It is my understanding that "<Limit GET PROPFIND OPTIONS REPORT>" and <LimitExcept GET PROPFIND OPTIONS REPORT>" are used to distiguish between read only permission's and read/write permissions. Is this correct?

Do I need the "AuthBasicProvider ldap-FCGNET" entry?
It seems that with it included ANY FCGNET account has access to the repository.

Also, I was under the impression that the "Require ldap-user " entry was what would need to be added to give a single user access to the repository. However, when I include the entry I still do not have access to the repository.

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2362210

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-15 16:55:30 CEST

This is an archived mail posted to the Subversion Users mailing list.