[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: LDAP Group Configuration in AuthzSVNAccessFile

From: Aaron Turner <synfinatic_at_gmail.com>
Date: Wed, 31 Mar 2010 14:28:53 -0700

On Wed, Mar 31, 2010 at 2:25 PM, Stefan Sperling <stsp_at_elego.de> wrote:
> On Wed, Mar 31, 2010 at 12:40:13PM -0700, Aaron Turner wrote:
>> On Wed, Mar 31, 2010 at 12:23 PM, Lee Kaufman
>> <lee.kaufman_at_transmetric.com> wrote:
>> > I have been set the task of setting up SVN and connecting Authentication and
>> > Authorization to our MS Active Directory system.  The SVN is now running on
>> > a Debian Linux server.  I have successfully set up Authenticated to
>> > authenticate users who have access to the SVN system based on a Security
>> > Group in our AD.
>> >
>> > The next task is where I am encountering the difficulty is in Authorizing
>> > individual users to read and write to the individual repositories.  From
>> > what I have seen I need I to do this I need a AuthzSVNAccessFile file.
>> > However I have not been able to find any documentation on how to accomplish
>> > this using AD groups.  Below is a simple example.
>>
>> Last time I checked, you can't do authorization via LDAP/AD.  Just
>> authentication.  Hence the lack of documentation on the subject.
>
> Various wrapper scripts exist which generate an authz rules file
> from data pulled from LDAP/AD directories. I agree that it would
> be nice to have built-in support for this in mod_authz_svn though.

Do you have a link to such a script? I've occasionally looked for one
and never found it... was planning on writing one someday, but no
point in reinventing the wheel.

-- 
Aaron Turner
http://synfin.net/         Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"
Received on 2010-03-31 23:29:42 CEST

This is an archived mail posted to the Subversion Users mailing list.