Re: locking down access to a repository

From: <kmradke_at_rockwellcollins.com>
Date: Tue, 9 Nov 2010 10:12:31 -0600

Patricia A Moss <pmoss4_at_csc.com> wrote on 11/09/2010 09:41:42 AM:

> From: Patricia A Moss <pmoss4_at_csc.com>
> To: kmradke_at_rockwellcollins.com
> Cc: users_at_subversion.apache.org
> Date: 11/09/2010 09:41 AM
> Subject: Re: locking down access to a repository
>
>
> >I don't think you want the "Require valid-user" line, since by
> default it uses
> >ANY of the Require lines as matches. (And in your case valid-user
> matches all
> >users so it doesn't care you are also specifying a group and an user.)
>
> But if I remove that line then no one can access the repository.

I think you also may need to be less specific with your ldapurl (remove
the
objectclass or use * ??):
(Assuming active directory, this is like what I have used in the past)

  AuthLDAPURL
"ldap://ad.example.com/ou=group,dc=example,dc=com?sAMAccountName"
  AuthLDAPGroupAttribute member
  Require ldap-group ...

It has been quite awhile since I used ldap groups instead of authz
files...

This first google hit has some examples:

http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication

As does this one:

http://ramblings.gibberishcode.net/archives/apache-22-and-active-directory-and-group-restrictions/36

Kevin R.
Received on 2010-11-09 17:13:10 CET

This message: [ Message body ]
Next message: Patricia A Moss: "Re: locking down access to a repository"
Previous message: Feldhacker, Chris: "RE: locking down access to a repository"
In reply to: Patricia A Moss: "Re: locking down access to a repository"
Next in thread: Patricia A Moss: "Re: locking down access to a repository"
Reply: Patricia A Moss: "Re: locking down access to a repository"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]