[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ldap auth with one read-only user

From: Johan Corveleyn <jcorvel_at_gmail.com>
Date: Wed, 27 Jan 2010 13:15:21 +0100

On Tue, Jan 26, 2010 at 3:12 PM, Anja Gawlik <Anja.Gawlik_at_cib.de> wrote:
> Hello everybody,
>
> I have subversion running with ldap auth against our active directory. The
> normal setup with a require ldap-group worked fine. Now I shall add one
> read-only user for nightly builds and it just won't work. Here is my config:
>
> ***************************************************************
> <Location /test>
>
> DAV svn
> SVNPath /svn-repositories/test
> #authentication defaults for our repositories
> AddDefaultCharset UTF-8
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative on
> AuthName "Subversion "
> AuthLDAPURL "ldap://domain.us.com/ou=Users,DC=US,DC=COM?sAMAccountName?sub"
> AuthLDAPBindDN CN=apache,CN=Users,DC=US,DC=COM
> AuthLDAPBindPassword somepw
> AuthLDAPGroupAttribute member
>
>
> #<Limit GET PROPFIND OPTIONS REPORT>
> require  valid user
> #</Limit>
>
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> require ldap-group CN=intern,CN=Users,DC=US,DC=COM
> </LimitExcept>
>
>
> </Location>
> ****************************************************************
>
> For the last 2 days have tried all combinations of Limit and
> LimitExcept and require ldap-attribute sAMAccountname=nightlyuser
> and all the like, but it just won't work.
>
> Nightlyuser shall be read-only, all the other ldap-users (who are
> in group intern, where nightlyuser is not a member) shall have full
> access.
> Can somebody help me with this?

That should be "valid-user", and not "valid user". See
http://httpd.apache.org/docs/2.2/mod/core.html#require.

Also, I hope that "nightlyuser" is a user in the LDAP, somewhere under
ou=Users,DC=US,DC=COM ?

If you still can't get it to work, I suggest you first try to connect
with a regular browser (just surfing to $REPO_URL), and try to
authenticate with "nightlyuser" and its password. Just to eliminate
your nightly build system from the equation ...

HTH
Regards,
Johan
Received on 2010-01-27 13:16:03 CET

This is an archived mail posted to the Subversion Users mailing list.