RE: LDAP Group Configuration in AuthzSVNAccessFile

> > > I have been set the task of setting up SVN and connecting
> > > Authentication and Authorization to our MS Active
> Directory system.
> > > The SVN is now running on a Debian Linux server. I have
> > > successfully set up Authenticated to authenticate users who have
> > > access to the SVN system based on a Security Group in our AD.
> > >
> > > The next task is where I am encountering the difficulty is in
> > > Authorizing individual users to read and write to the individual
> > > repositories. From what I have seen I need I to do this
> I need a AuthzSVNAccessFile file.
> > > However I have not been able to find any documentation on how to
> > > accomplish this using AD groups. Below is a simple example.
> >
> > Last time I checked, you can't do authorization via LDAP/AD. Just
> > authentication. Hence the lack of documentation on the subject.
>
> Various wrapper scripts exist which generate an authz rules
> file from data pulled from LDAP/AD directories. I agree that
> it would be nice to have built-in support for this in
> mod_authz_svn though.
>

Few months ago I was experimenting with this and I found out that it can easily work.

My Apache configuration for the repository contained "AuthzLDAPAuthoritative off" and "AuthLDAPRemoteUserAttribute name". I'm not sure you need AuthzLDAPAuthoritative but it's AuthLDAPRemoteUserAttribute that allowed me to write the access file like this

[groups]
developers = Giulio Troccoli, Harpal Panesar

[svn-test:/]
* = r
svnsync = r

[svn-test:/trunk]
@developers = rw

I'm pretty sure it worked but, as I said, it was few months ago so maybe I just saved this configuration for further investigation rather than for immediate use.

Giulio

Linedata Services (UK) Ltd
Registered Office: Bishopsgate Court, 4-12 Norton Folgate, London, E1 6DB
Registered in England and Wales No 3027851 VAT Reg No 778499447
Received on 2010-04-01 09:42:45 CEST