[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

locking down access to a repository

From: Patricia A Moss <pmoss4_at_csc.com>
Date: Tue, 9 Nov 2010 08:12:44 -0500

I think this is the correct mailing list for this question.

I am LDAP authenticating against 2 domain controllers; in 2 different
I thought that I was locking down each repository to allow only users,
included in a specific AD group, to have read/write access to a
I say supposedly because apparently the second part is not working. Right
now, anyone can access any repository. Can someone lend a hand in figuring
out what I have done wrong, or need to do?
Here is what I have:
I've configured my ldap aliases as follows:
<AuthnProviderAlias ldap ldap-FCGNET>
        AuthLDAPBindDN FCGNET\svnuser
        AuthLDAPBindPassword xxxxxxxxx
<AuthnProviderAlias ldap ldap-VIET>
        AuthLDAPBindDN "CN=fcgvuser,OU=Service
        AuthLDAPBindPassword xxxxxxxxxxx
        AuthLDAPURL ldap://xxxxx.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?sa

Then in each, specific repositorry configuration file, I have the
<Location /FDCertifications>
dav svn
SVNPath /disk01/home/FDCertifications
AuthType Basic
AuthBasicProvider ldap-FCGNET ldap-VIET
AuthzLDAPAuthoritative off
AuthName "CSC Subversion Repository"
Require valid-user
Require ldap-group CN=PRJ
Require ldap-user pmoss

I thought the "Require ldap-group" line locked access down to allow only
the users in the group access to the repo. That is not the case though.
Everyone can access any repository; as long as they have an FCGNET

I tried adding the AuthnProviderAlias lines to each config file, but I get
an error because it only needs to be defined once.
I tried removing the "Require valid-user" line; but that then doesn't
allow any access.
Have any clues what I am doing wrong? Thanks.

System Engineer Sr. Professional
Received on 2010-11-09 14:14:02 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.