Patricia A Moss wrote:
>
> I am attempting to allow a single group access to a repository and to
> make that access read-only. Here is my config file; however, it does
> not seem to be making the group read-only. The members of the group
> can still commit and make changes. Can someone tell me what I am
> missing? Thanks.
>
> <Location /ProdDev>
> dav svn
> SVNPath /disk01/home/ProdDev
> AuthType Basic
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative off
> AuthName "CSC Subversion Repository"
> AuthLDAPBindDN FCGNET\xxxxxxx
> AuthLDAPBindPassword xxxxxxx
> AuthLDAPURL
> ldap://pant04.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub?(objectCategory=person)
>
> *<LimitExcept GET PROPFIND OPTIONS REPORT>*
> *Require ldap-group CN=FCG LS Product
> Development,OU=U.S.,OU=Groups,DC=fcg,DC=com*
> *</LimitExcept>*
> </Location>
>
>
> PATI MOSS
> System Engineer Sr. Professional
> CSC
You should first test your config with simple Apache password files;
trying to debug LDAP and SVN at the same time is a bad idea.
It seems you have the right LimitExcept, so if you got LDAP working
correctly that should be right.
I use LDAP for my SVN-Apache instance as well, and the below directives
accomplish both read and write access control.
You would need to satisfy [Code-Read] to even read the repository, and
[Code-Write] to change it.
Note the difference between LimitExcept and Limit.
<Location /svn>
.....
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require [Code-Write]
</LimitExcept>
<Limit GET PROPFIND OPTIONS REPORT>
Require [Code-Read]
</Limit>
</Location>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2409093
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-10-19 20:57:32 CEST