
Re: Limiting access to a particular repository subdirectory

From: Andrey Repin <anrdaemon_at_freemail.ru>
Date: Tue, 13 Oct 2009 06:12:19 +0400

Greetings, Craig Pendleton!

>>> We are currently running Subversion 1.4 through Apache 2.2, authenticating
>>> our users via LDAP and a "Require valid-user" parameter. This has been
>>> working fine for us. We are bringing in a third party who will only be
>>> working several levels deep in the repository and would like to restrict
>>> their access to these subdirectories only. We would like to use LDAP
>>> groups to accomplish this. Basically what we are looking for is the
>>> following:
>>> /repository/foo (read, write by A, B LDAP groups; no read or write for C
>>> group )
>>> /repository/foo/bar (read, write by A, B, C LDAP groups)
>>> I've tried multiple <Location> directives (with different "Require
>>> ldap-filter" parameters) into different parts of the same repository, with no
>>> success. "Require ldap-group" will not work for us as it seems to only accept
>>> one group as argument.
>>> Is this possible? If so, can someone point me in the right direction?
>>> Thank you in advance.

>> Have you considered Path-Based Authorization
>> http://svnbook.red-bean.com/en/1.4/svn.serverconfig.pathbasedauthz.html

> Hi Lakshman,

> Thank you for the suggestion and the quick reply. Path-based authorization
> would be ideal, but my understanding is that this requires a flat file
> containing path, user and/or group details and cannot query group membership
> from LDAP. Can path-based authorization leverage LDAP groups? I didn't
> find any documentation indicating that it can, so I'm looking for
> alternatives.

> Suggestions greatly appreciated.

I suggest you upgrade your ancient server software and read appropriate

(Same for 1.5

 Andrey Repin (anrdaemon_at_freemail.ru) 13.10.2009, <6:07>
Sorry for my terrible english...
Received on 2009-10-13 23:48:00 CEST

This is an archived mail posted to the Subversion Users mailing list.
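
Added example, not part of the archived thread and not Subversion's own code: path-based authorization takes group membership from the `[groups]` section of the file named by `AuthzSVNAccessFile`, so one way to use directory groups is to regenerate that file from exported membership. The member names, the export format (a plain group-to-users mapping) and the assumption that `/repository` is the repository root are constructed for illustration; the name check keeps a directory-supplied value from adding its own sections or rules.

```python
import re

# Names are written into the access file verbatim, so allow only characters
# that cannot start a section, add a rule, or break a line.
_SAFE = re.compile(r"[A-Za-z0-9._-]+")

def _check(name):
    if not _SAFE.fullmatch(name):
        raise ValueError(f"unsafe name for authz file: {name!r}")
    return name

def render_authz(groups, rules):
    """groups: {group: [user, ...]}; rules: {repo path: {group: "rw" | "r" | ""}}."""
    lines = ["[groups]"]
    for group in sorted(groups):
        members = sorted({_check(u) for u in groups[group]})
        lines.append(f"{_check(group)} = {', '.join(members)}".rstrip())
    for path in sorted(rules):
        if not path.startswith("/") or any(c in path for c in "[]\r\n"):
            raise ValueError(f"bad path: {path!r}")
        lines += ["", f"[{path}]"]
        for group, access in sorted(rules[path].items()):
            if group not in groups:
                raise ValueError(f"rule names unknown group: {group}")
            if access not in ("rw", "r", ""):
                raise ValueError(f"bad access: {access!r}")
            # An empty right-hand side is an explicit "no access" entry.
            lines.append(f"@{group} = {access}".rstrip())
    return "\n".join(lines) + "\n"

# Constructed sample: membership as it might be exported from the directory.
SAMPLE_GROUPS = {"A": ["alice"], "B": ["bob"], "C": ["carol", "carlos"]}
# The layout asked for in the thread, relative to the repository root (assumed).
SAMPLE_RULES = {
    "/foo": {"A": "rw", "B": "rw", "C": ""},
    "/foo/bar": {"A": "rw", "B": "rw", "C": "rw"},
}

if __name__ == "__main__":
    print(render_authz(SAMPLE_GROUPS, SAMPLE_RULES), end="")
```

Because the file is rebuilt from an export, a membership change in the directory takes effect only after the next regeneration.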