[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Limiting permission's

From: Ryan Schmidt <subversion-2009b_at_ryandesign.com>
Date: Wed, 17 Jun 2009 07:49:28 -0500

On Jun 17, 2009, at 07:44, Johan Corveleyn wrote:

> Ah ok, now I start to understand what you want: you just want only
> that FP-Development group to have access (reading and writing) to
> the repository, and anyone else should have no access (no read, no
> write). Then forget about the Limit and LimitExcept (those are for
> making a difference between reading and writing, but you want to
> restrict both reading and writing the same way, so ...).
> It's actually what Jason Malinowski suggested in the very first
> post - just do it like this (require anyone who accesses /zorch to
> be in the FP-Development group):
> <Location /zorch>
> DAV svn
> SVNPath /disk01/home/zorch
> AuthType Basic
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative off
> AuthName "Subversion Repository"
> AuthLDAPBindDN CSCNET\svnaccount
> AuthLDAPBindPassword svnpasswd
> AuthLDAPURL ldap://servername:3268/DC=domainname,DC=com?
> samAccountName?sub?(objectCategory=person)
> Require ldap-group CN=PRJ FP-
> Development,OU=U.S.,OU=Groups,DC=domainname,DC=com
> </Location>
> About the quotes, those should be around the entire DN, not just
> the value of the CN. But again, I'm not sure if it's really needed,
> first try without them. If it doesn't work and you need to add
> them, the line should look like this:
> Require ldap-group "CN=PRJ FP-
> Development,OU=U.S.,OU=Groups,DC=domainname,DC=com"
> Also, I'm not sure whether this matters, but in my httpd.conf the
> "dav" is in uppercase, so "DAV svn".

Does she still need "Require valid-user" or no?


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-17 14:50:48 CEST

This is an archived mail posted to the Subversion Users mailing list.