[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Read-Only Access

From: Jake Stone <jake.the.stone_at_gmail.com>
Date: Mon, 19 Oct 2009 13:56:45 -0500

Patricia A Moss wrote:
>
> I am attempting to allow a single group access to a repository and to
> make that access read-only. Here is my config file; however, it does
> not seem to be making the group read-only. The members of the group
> can still commit and make changes. Can someone tell me what I am
> missing? Thanks.
>
> <Location /ProdDev>
> dav svn
> SVNPath /disk01/home/ProdDev
> AuthType Basic
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative off
> AuthName "CSC Subversion Repository"
> AuthLDAPBindDN FCGNET\xxxxxxx
> AuthLDAPBindPassword xxxxxxx
> AuthLDAPURL
> ldap://pant04.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub?(objectCategory=person)
>
> *<LimitExcept GET PROPFIND OPTIONS REPORT>*
> *Require ldap-group CN=FCG LS Product
> Development,OU=U.S.,OU=Groups,DC=fcg,DC=com*
> *</LimitExcept>*
> </Location>
>
>
> PATI MOSS
> System Engineer Sr. Professional
> CSC
You should first test your config with simple Apache password files;
trying to debug LDAP and SVN at the same time is a bad idea.
It seems you have the right LimitExcept, so if you got LDAP working
correctly that should be right.

I use LDAP for my SVN-Apache instance as well, and the below directives
accomplish both read and write access control.
You would need to satisfy [Code-Read] to even read the repository, and
[Code-Write] to change it.
Note the difference between LimitExcept and Limit.

    <Location /svn>
        .....
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require [Code-Write]
        </LimitExcept>
        <Limit GET PROPFIND OPTIONS REPORT>
            Require [Code-Read]
        </Limit>
    </Location>

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2409093

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-10-19 20:57:32 CEST

This is an archived mail posted to the Subversion Users mailing list.