[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

LDAP authz aliases with svn+ssh

From: Owen Loy <owen.loy_at_gmail.com>
Date: Thu, 5 Jan 2012 14:07:58 -0800

Hi there,

I'm wondering if my desired setup is possible:

1. Using svn+ssh
2. Using pam_ldap to handle SSH access
3. Using authz-db to handle ACL (against LDAP accounts)

I'm running into a problem with #3. My current test setup is as follows:

svnserve.conf:
---------------------
[general]
authz-db = authz
...

authz:
---------
[aliases]
svnaccess = CN=svngroup,CN=groups,DC=example,DC=com

[/]
&svnaccess = rw

With this setup, SSH is no problem (file permissions are correct, LDAP
works fine, etc...), but SVN returns Not Authorized. To debug, I tried the
following scenarios:

authz with "local" user (works):
--------
[/]
user1 = rw

authz with LDAP alias for specific user (does not work):
--------
[aliases]
svnaccess = CN=user1,CN=users,DC=example,DC=com

[/]
&svnaccess = rw

Has anyone run this sort of setup successfully, or is able to determine
what I'm doing wrong? I'm 99% sure the DNs are correct (in that they work
for SSH purposes, and other non-related issues), but don't seem to work
within the authz file, even though the docs suggest it should.

Thanks!
Received on 2012-01-05 23:08:52 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.