David Weintraub wrote on Tue, Sep 06, 2011 at 11:12:41 -0400:
> This is really part of the same question, but it involves both our
> Subversion repository and Jenkins.
>
> We want to use our Windows Active Directory to log into Jenkins and as
> our permissioning scheme in Subversion. Subversion uses Apache httpd.
>
> First in Subversion: We have the following setup for the "mfxdomain":
>
> <Location /src>
> DAV svn
> SVNParentPath /opt/cm/svn_repos
> AuthType basic
> AuthName "MFX Repository"
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative off
> AuthLDAPURL
> "ldap://mfxdomain.mycompany.com:3268/dc=mycompany,dc=com?sAMAccountName"
> NONE
> AuthLDAPBindDN "CN=svnuser,OU=Users,DC=mycompany,DC=com"
> AuthLDAPBindPassword "swordfish"
> Require valid-user
> </Location>
>
> This works great. Anyone in the mfxdomain is able to log in. However,
> many of our users are actually in the effdomain, so we need to verify
> a user is either in one of the two domains. How do I set this up? Do I
> need a new <location>, or do I double the AuthLDAP lines?
>
AIUI httpd 2.3.x is required in order to be able to say 'Either <this>
LDAP group or <that> LDAP group' in authz settings. (We ran into this
at ASF infra). With 2.2 you might have to use separate <Location>s.
> And in both, how do I know if someone is in one domain or the other?
> Do they need to prefix their login with the domain?
>
Why do you need to know that?
> --
> David Weintraub
> qazwart_at_gmail.com
Received on 2011-09-06 17:50:48 CEST