2010/11/17 Pazmińo Mazón, Iván Andrés <iapm270409_at_sri.ad>:
> Hello,
>
> I'm trying to solve a simple problem but can't find how in the svn-book.
> I need to manage my users in groups, actually teams, I need only team
> members to have read/write access to a set of projects and the rest of
> the organization only read access.
>
> My subversion authenticates users with a ldap server, so I need all users
> be part of a basic group that can read every project in the versionning
> repository and to group together some users and grant them write access
> to a selected set of projects.
You can setup repository access via LDAP. We did this at my last job
and it's not that difficult. As the late Pierre de Fermat once said,
"This proof is fairly simple, and I'll leave it to the reader to
solve."
There is a way to group users and set directory access by these
groups. So, you can have the user name determined by LDAP, the login
by LDAP, and the user name by LDAP. You can also use those user names
in AUTHZ authorization. What I don't know is whether you can use LDAP
groups to be the definitions that AUTHZ uses for directory based read
and read/write access. That would be nice.
If you cannot do that, you might want to use Apache and LDAP groups to
give read/write access to your repository, then use pre-commit hooks
to define your groups and set commit access to particular directories
based upon groups. I rather not touch the Apache httpd configuration
files every time someone comes into or leaves a group.
I have a Perl based pre-commit hook that allows you to define groups
and set read-only, read-write, and add-only access based upon groups.
You can also use the hook to check for properties on files, invalid
file names, and a few other nice tricks. The hook is designed to use
only the standard Perl modules which makes it easier to install. You
can get that from <http://dl.dropbox.com/u/433257/new_svn_hooks.zip>.
--
David Weintraub
qazwart_at_gmail.com
Received on 2010-11-17 19:00:26 CET