On Mon, Oct 08, 2012 at 09:29:48AM -0700, Damon Wischik wrote:
> I have some usernames which contain the '=' character, and I can't
> figure out how to refer to them in the authz file.
>
> I'm using Apache2 to serve a subversion repository, and I'm using
> client certificates with FakeBasicAuth. This means that a user has to
> provide a client certificate, and Apache takes the subject line of the
> certificate, and uses that as the username. For example, a username
> might be "/CN=Damon Wischik".
>
> I've tried all the ways of escaping/quoting I can think of (single
> quotes, double quotes, backtick, double the equal sign, \=), but all
> of them lead to an Apache error message like "Failed to load the
> AuthzSVNAccessFile: The character 'D' in rule '/CN' is not allowed in
> authz rules".
>
> I've seen some previous questions here about "How do I escape @ in
> authz?" and "How do I escape [] in authz?" but no answer apart from a
> discussion about patching which was beyond me.
>
> Slightly off-topic -- if I can't have usernames with '=' in authz,
> does anyone know how to tell Apache FakeBasicAuth to use something
> else for its username, or is there a way to get authz to do username
> cleaning/munging before it tests access?
>
> Thanks,
> Damon.
Have you considered setting up aliases as described here?
http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html
Some authentication systems expect and carry relatively short usernames of
the sorts we've been describing here—harry, sally, joe, and so on. But other
authentication systems—such as those which use LDAP stores or SSL client
certificates—may carry much more complex usernames. For example, Harry's
username in an LDAP-protected system might be CN=Harold
Hacker,OU=Engineers,DC=red-bean,DC=com. With usernames like that, the access
file can become quite bloated with long or obscure usernames that are easy to
mistype. Fortunately, username aliases allow you to have to type the correct
complex username only once, in a statement which assigns to it a more easily
digestable alias.
[aliases]
harry = CN=Harold Hacker,OU=Engineers,DC=red-bean,DC=com
sally = CN=Sally Swatterbug,OU=Engineers,DC=red-bean,DC=com
joe = CN=Gerald I. Joseph,OU=Engineers,DC=red-bean,DC=com
Received on 2012-10-08 19:04:34 CEST