RE: Path base authorization for Windows Active Directory groups ...
From: Bob Archer <bob.archer_at_amsi.com>
Date: Thu, 17 Sep 2009 16:10:14 -0400
>We have set up a new Subversion server on Windows (previously Unix). Our IT group has been able to set up user >authentication via individual user's Windows domain passwords (Active Directory).
>I am presently implementing path-based access in our repository for overseas development groups. I have been able to >successfully create groups within the '.conf' file of collections of Windows users.
>Is is possible to use reference Windows domain (AD) groups within the '.conf' file so that we can manage the members of a >group via Active Directory instead of editing the '.conf' file?
>Ken Parrish
The svn book has examples of how to use LDAP names. I am pretty sure you can create a alias for a group just as easily as for a user.
Subversion 1.5 brings another useful feature to the access file syntax: username aliases. Some authentication systems expect and carry relatively short usernames of the sorts we've been describing here-harry, sally, joe, and so on. But other authentication systems-such as those which use LDAP stores or SSL client certificates-may carry much more complex usernames. For example, Harry's username in an LDAP-protected system might be CN=Harold Hacker,OU=Engineers,DC=red-bean,DC=com. With usernames like that, the access file can become quite bloated with long or obscure usernames that are easy to mistype. Fortunately, username aliases allow you to have to type the correct complex username only once, in a statement which assigns to it a more easily digestable alias.
But, I've been known to be wrong before.
BOb
------------------------------------------------------
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.