You might try this to sync your authz file to an ldap group, it will write
in the entries for you, nice way to avoid issues with syntax perhaps?
http://www.thoughtspark.org/node/26
Never used it myself, meant to try it, but I've heard good things.
-Pat
On Thu, Jan 5, 2012 at 3:07 PM, Owen Loy <owen.loy_at_gmail.com> wrote:
> Hi there,
>
> I'm wondering if my desired setup is possible:
>
> 1. Using svn+ssh
> 2. Using pam_ldap to handle SSH access
> 3. Using authz-db to handle ACL (against LDAP accounts)
>
> I'm running into a problem with #3. My current test setup is as follows:
>
> svnserve.conf:
> ---------------------
> [general]
> authz-db = authz
> ...
>
> authz:
> ---------
> [aliases]
> svnaccess = CN=svngroup,CN=groups,DC=example,DC=com
>
> [/]
> &svnaccess = rw
>
> With this setup, SSH is no problem (file permissions are correct, LDAP
> works fine, etc...), but SVN returns Not Authorized. To debug, I tried the
> following scenarios:
>
> authz with "local" user (works):
> --------
> [/]
> user1 = rw
>
>
> authz with LDAP alias for specific user (does not work):
> --------
> [aliases]
> svnaccess = CN=user1,CN=users,DC=example,DC=com
>
> [/]
> &svnaccess = rw
>
> Has anyone run this sort of setup successfully, or is able to determine
> what I'm doing wrong? I'm 99% sure the DNs are correct (in that they work
> for SSH purposes, and other non-related issues), but don't seem to work
> within the authz file, even though the docs suggest it should.
>
> Thanks!
>
Received on 2012-01-05 23:31:15 CET