>I don't think you want the "Require valid-user" line, since by default it
uses
>ANY of the Require lines as matches. (And in your case valid-user
matches all
>users so it doesn't care you are also specifying a group and an user.)
But if I remove that line then no one can access the repository.
PATI MOSS
System Engineer Sr. Professional
CSC
From:
kmradke_at_rockwellcollins.com
To:
Patricia A Moss/USA/CSC_at_CSC
Cc:
users_at_subversion.apache.org
Date:
11/09/2010 10:38 AM
Subject:
Re: locking down access to a repository
Stefan Sperling <stsp_at_elego.de> wrote on 11/09/2010 08:34:37 AM:
> > I've configured my ldap aliases as follows:
> > <AuthnProviderAlias ldap ldap-FCGNET>
> > AuthLDAPBindDN FCGNET\svnuser
> > AuthLDAPBindPassword xxxxxxxxx
> > AuthLDAPURL
> > ldap://xxxxxx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub?
> > (objectCategory=person)
> > </AuthnProviderAlias>
> > <AuthnProviderAlias ldap ldap-VIET>
> > AuthLDAPBindDN "CN=fcgvuser,OU=Service
> > Accounts,OU=Users,OU=Production,DC
> > =vdc,DC=csc,DC=com"
> > AuthLDAPBindPassword xxxxxxxxxxx
> > AuthLDAPURL
ldap://xxxxx.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?sa
> > mAccountName?sub?(objectCategory=person)
> > </AuthnProviderAlias>
> >
> > Then in each, specific repositorry configuration file, I have the
> > following:
> > <Location /FDCertifications>
> > dav svn
> > SVNPath /disk01/home/FDCertifications
> > AuthType Basic
> > AuthBasicProvider ldap-FCGNET ldap-VIET
> > AuthzLDAPAuthoritative off
> > AuthName "CSC Subversion Repository"
> > Require valid-user
> > Require ldap-group CN=PRJ
> > FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com
> > Require ldap-user pmoss
> > </Location>
I don't think you want the "Require valid-user" line, since by default it
uses
ANY of the Require lines as matches. (And in your case valid-user matches
all
users so it doesn't care you are also specifying a group and an user.)
Kevin R.
Received on 2010-11-09 16:42:30 CET