On Tue, Nov 9, 2010 at 7:12 AM, Patricia A Moss <pmoss4_at_csc.com> wrote:
> I think this is the correct mailing list for this question.
> I am LDAP authenticating against 2 domain controllers; in 2 different
> I thought that I was locking down each repository to allow only users,
> included in a specific AD group, to have read/write access to a repository.
> I say supposedly because apparently the second part is not working. Right
> now, anyone can access any repository. Can someone lend a hand in figuring
> out what I have done wrong, or need to do?
> Here is what I have:
> I've configured my ldap aliases as follows:
> <AuthnProviderAlias ldap ldap-FCGNET>
> AuthLDAPBindDN FCGNET\svnuser
> AuthLDAPBindPassword xxxxxxxxx
> <AuthnProviderAlias ldap ldap-VIET>
> AuthLDAPBindDN "CN=fcgvuser,OU=Service
> AuthLDAPBindPassword xxxxxxxxxxx
> AuthLDAPURL ldap://xxxxx.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?sa
> Then in each specific repository configuration file, I have the following:
> <Location /FDCertifications>
> dav svn
> SVNPath /disk01/home/FDCertifications
> AuthType Basic
> AuthBasicProvider ldap-FCGNET ldap-VIET
> AuthzLDAPAuthoritative off
> AuthName "CSC Subversion Repository"
> Require valid-user
> Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com
> Require ldap-user pmoss
> I thought the "Require ldap-group" line locked access down to allow only the
> users in the group access to the repo. That is not the case though.
> Everyone can access any repository, as long as they have an FCGNET account.
> I tried adding the AuthnProviderAlias lines to each config file, but I get
> an error because it only needs to be defined once.
> I tried removing the "Require valid-user" line, but that then doesn't allow
> any access.
> Have any clues what I am doing wrong? Thanks.
> PATI MOSS
> System Engineer Sr. Professional
First, LDAP (authentication) is only 1/2 of the big picture. You will
still need to configure authorization on the repos themselves.
These may be of assistance in configuring authorization (depending on
Second, it's hard to help troubleshoot when you don't provide useful
information or a direct question. Was there something you needed help
with? I didn't see any questions other than "Can someone lend a hand in
figuring out what I have done wrong, or need to do?"
Received on 2010-11-09 15:24:54 CET
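
Added example, not part of the original thread: a small Python check that flags any `<Location>` block where `Require valid-user` sits beside a more specific `Require`. In Apache httpd, sibling `Require` lines in one block are alternatives, so `valid-user` admits every account that authenticates, which matches the behaviour reported above. The function name `audit_requires` is hypothetical, and the `/ExampleRepo` block with its group DN is constructed sample input.

```python
import re

# Require types that name specific principals (core and mod_authnz_ldap).
SPECIFIC = {"user", "group", "ldap-user", "ldap-group", "ldap-dn",
            "ldap-attribute", "ldap-filter"}
OPEN = re.compile(r'<Location\s+"?([^">]+?)"?\s*>', re.I)
CLOSE = re.compile(r"</Location\s*>", re.I)
REQUIRE = re.compile(r"Require\s+(\S+)", re.I)

def audit_requires(conf_text):
    """Return {location: [shadowed Require lines]} for each <Location> block
    in which 'Require valid-user' accompanies a more specific Require."""
    findings = {}
    location, requires = None, []
    def flush():
        kinds = {kind for kind, _ in requires}
        if location and "valid-user" in kinds and kinds & SPECIFIC:
            findings[location] = [text for kind, text in requires if kind in SPECIFIC]
    for line in map(str.strip, conf_text.splitlines()):
        opened = OPEN.match(line)
        if opened:
            flush()  # tolerate a block whose closing tag is missing
            location, requires = opened.group(1), []
        elif CLOSE.match(line):
            flush()
            location, requires = None, []
        elif location:
            req = REQUIRE.match(line)
            if req:
                requires.append((req.group(1).lower(), line))
    flush()  # handle an unterminated final block
    return findings

# Constructed sample: the first block mirrors the one quoted in the thread,
# the second (hypothetical path and group) has no catch-all requirement.
SAMPLE = """\
<Location /FDCertifications>
  Require valid-user
  Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com
  Require ldap-user pmoss
</Location>
<Location /ExampleRepo>
  Require ldap-group CN=Example Group,DC=example,DC=com
</Location>
"""

if __name__ == "__main__":
    print(audit_requires(SAMPLE))
```
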