[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Limiting access to a particular repository subdirectory

From: Craig Pendleton <craig.pendleton_at_healthlanguage.com>
Date: Mon, 12 Oct 2009 19:47:54 -0600

On 10/12/09 5:47 PM, "Srilakshmanan, Lakshman"
<lakshman.srilakshmanan_at_police.vic.gov.au> wrote:

> Hi Craig,
>
> Have you considered Path-Based Authorization
>
> http://svnbook.red-bean.com/en/1.4/svn.serverconfig.pathbasedauthz.html
>
> Thanks
> Lakshman
> -----Original Message-----
> From: Craig Pendleton [mailto:craig.pendleton_at_healthlanguage.com]
> Sent: Tuesday, 13 October 2009 8:58 AM
> To: users_at_subversion.tigris.org
> Subject: Limiting access to a particular repository subdirectory
>
> We are currently running Subversion 1.4 through Apache 2.2, authenticating
> our users via LDAP and a ³Require valid-user² parameter. This has been
> working fine for us. We are bringing in a third party who will only be
> working several levels deep in the repository and would like to restrict
> their access to these subdirectories only. We would like to use LDAP
> groups to accomplish this. Basically what we are looking for is the
> following:
>
> /repository/foo (read, write by A, B LDAP groups; no read or write for C
> group )
> /repository/foo/bar (read, write by A, B, C LDAP groups)
>
> I¹ve tried multiple <Location> directives (with different ³Require
> ldap-filter² parameters) into different parts of the same repository, with no
> success. ³Require ldap-group² will not work for us as it seems to only accept
> one group as argument.
>
> Is this possible? If so, can someone point me in the right direction?
> Thank you in advance.
>
>
> Craig
>

Hi Lakshman,

Thank you for the suggestion and the quick reply. Path-based authorization
would be ideal, but my understanding is that this requires a flat file
containing path, user and/or group details and cannot query group membership
from LDAP. Can path-based authorization leverage LDAP groups? I didn¹t
find any documentation indicating that it can, so I¹m looking for
alternatives.

Suggestions greatly appreciated.

Craig

----
NOTICE BY HEALTH LANGUAGE, INC.
This message, as well as any attached document, contains information from Health Language, Inc. that is confidential.  The information is intended only for the use of the addressee named above.  If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this message or its attachments is strictly prohibited, and may be unlawful.  If you have received this message in error, please delete all electronic copies of this message and its attachments, if any, destroy any hard copies you may have created, without disclosing the contents, and notify the sender immediately.  Unless expressly stated otherwise, nothing contained in this message should be construed as a digital or electronic signature, nor is it intended to reflect an intention to make an agreement by electronic means.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2406878
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-10-13 23:48:03 CEST

This is an archived mail posted to the Subversion Users mailing list.