
Re: LDAP authz aliases with svn+ssh

From: Patrick Burma <patrick.burma_at_wandisco.com>
Date: Thu, 5 Jan 2012 15:30:39 -0700

You might try this to sync your authz file to an LDAP group; it will write
in the entries for you. Nice way to avoid issues with syntax, perhaps?

http://www.thoughtspark.org/node/26

Never used it myself, meant to try it, but I've heard good things.

-Pat

On Thu, Jan 5, 2012 at 3:07 PM, Owen Loy <owen.loy_at_gmail.com> wrote:

> Hi there,
>
> I'm wondering if my desired setup is possible:
>
> 1. Using svn+ssh
> 2. Using pam_ldap to handle SSH access
> 3. Using authz-db to handle ACL (against LDAP accounts)
>
> I'm running into a problem with #3. My current test setup is as follows:
>
> svnserve.conf:
> ---------------------
> [general]
> authz-db = authz
> ...
>
> authz:
> ---------
> [aliases]
> svnaccess = CN=svngroup,CN=groups,DC=example,DC=com
>
> [/]
> &svnaccess = rw
>
> With this setup, SSH is no problem (file permissions are correct, LDAP
> works fine, etc...), but SVN returns Not Authorized. To debug, I tried the
> following scenarios:
>
> authz with "local" user (works):
> --------
> [/]
> user1 = rw
>
>
> authz with LDAP alias for specific user (does not work):
> --------
> [aliases]
> svnaccess = CN=user1,CN=users,DC=example,DC=com
>
> [/]
> &svnaccess = rw
>
> Has anyone run this sort of setup successfully, or is able to determine
> what I'm doing wrong? I'm 99% sure the DNs are correct (in that they work
> for SSH purposes, and other non-related issues), but don't seem to work
> within the authz file, even though the docs suggest it should.
>
> Thanks!
>
Received on 2012-01-05 23:31:15 CET
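
The sync approach suggested in the reply, writing an LDAP group's members into the authz file as plain login names like the `user1` entry that works in the question, sketched as an added example (not part of the original mail and not the code of the linked tool). The group DN and `user1` come from the thread; `user2`, the sample authz text and all function names are constructed, and the membership dictionary stands in for an LDAP query result.

```python
import re

# Constructed sample: LDAP group DN -> member login names, as a directory
# query would return them. No LDAP server is contacted in this example.
SAMPLE_GROUPS = {"CN=svngroup,CN=groups,DC=example,DC=com": ["user1", "user2"]}

# Constructed authz file with a stale [groups] section to be replaced.
SAMPLE_AUTHZ = "[groups]\nstale = olduser\n\n[/]\n@svngroup = rw\n"

# Names are written into a config file, so reject anything that could add a
# line, a section header or an extra rule (newline, '[', '=', ',', '@', ...).
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")

def group_name(dn):
    """Use the leading CN of the group DN as the authz group name."""
    key, _, value = dn.split(",", 1)[0].partition("=")
    value = value.strip()
    if key.strip().upper() != "CN" or not SAFE_NAME.fullmatch(value):
        raise ValueError(f"unusable group DN: {dn!r}")
    return value

def render_groups(groups):
    """Render a [groups] section with one line per LDAP group."""
    lines = ["[groups]"]
    for dn in sorted(groups):
        members = sorted(set(groups[dn]))
        bad = [m for m in members if not SAFE_NAME.fullmatch(m)]
        if bad:
            raise ValueError(f"unsafe member name(s): {bad!r}")
        lines.append(f"{group_name(dn)} = {', '.join(members)}")
    return "\n".join(lines) + "\n"

def sync_authz(authz_text, groups):
    """Replace the [groups] section and leave every other section untouched."""
    new_section = render_groups(groups) + "\n"
    out, skipping, replaced = [], False, False
    for line in authz_text.splitlines(keepends=True):
        if line.strip().startswith("["):
            skipping = line.strip() == "[groups]"
            if skipping:
                out.append(new_section)
                replaced = True
                continue
        if not skipping:
            out.append(line)
    if not replaced:
        out.insert(0, new_section)
    return "".join(out)

if __name__ == "__main__":
    print(sync_authz(SAMPLE_AUTHZ, SAMPLE_GROUPS), end="")
```

Rejecting unsafe names before writing matters because directory attributes end up inside an access-control file; a member value containing a newline could otherwise append its own rule.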

This is an archived mail posted to the Subversion Users mailing list.
