LDAP authz aliases with svn+ssh

From: Owen Loy <owen.loy_at_gmail.com>
Date: Thu, 5 Jan 2012 14:07:58 -0800

Hi there,

I'm wondering if my desired setup is possible:

1. Using svn+ssh
2. Using pam_ldap to handle SSH access
3. Using authz-db to handle ACL (against LDAP accounts)

I'm running into a problem with #3. My current test setup is as follows:

svnserve.conf:
---------------------
[general]
authz-db = authz
...

authz:
---------
[aliases]
svnaccess = CN=svngroup,CN=groups,DC=example,DC=com

[/]
&svnaccess = rw

With this setup, SSH is no problem (file permissions are correct, LDAP
works fine, etc...), but SVN returns Not Authorized. To debug, I tried the
following scenarios:

authz with "local" user (works):
--------
[/]
user1 = rw

authz with LDAP alias for specific user (does not work):
--------
[aliases]
svnaccess = CN=user1,CN=users,DC=example,DC=com

[/]
&svnaccess = rw

Has anyone run this sort of setup successfully, or is able to determine
what I'm doing wrong? I'm 99% sure the DNs are correct (in that they work
for SSH purposes, and other non-related issues), but don't seem to work
within the authz file, even though the docs suggest it should.

Thanks!
Received on 2012-01-05 23:08:52 CET

This message: [ Message body ]
Next message: Patrick Burma: "Re: LDAP authz aliases with svn+ssh"
Previous message: Phil: "Re: How to control where to put .subversion directory"
Next in thread: Patrick Burma: "Re: LDAP authz aliases with svn+ssh"
Reply: Patrick Burma: "Re: LDAP authz aliases with svn+ssh"
Reply: Daniel Shahaf: "Re: LDAP authz aliases with svn+ssh"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]