[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

AW: Path-based authorization buggy when using SASL-LDAP

From: Markus Karg <karg_at_quipsy.de>
Date: Mon, 26 Nov 2012 16:59:30 +0100

Good idea. Here is the config. :-)

== svnserve.conf ==

[general]
anon-access = none
auth-access = write
realm = MyDomain
authz-db = authzfile

[sasl]
use-sasl=true

== authzfile (stripped all groups that "mk" is not member of) ==

[aliases]
mk = CN=Markus Karg,OU=Lokale-Benutzer,DC=MyDomain,DC=local

[groups]
the.developers = &mk

[/]
@the.developers = rw

There is another strange thing: As soon as I use the ambersand ("&mk") instead of simply "mk", it does *always* say Access Denied (while it works well but only denis *some* paths when using "mk" without the ambersand). This is weird, as "mk" is not a user but an alias...!?

It is totally strange. For me it looks like a rather big bug in svnserve...!

Thanks!
-Markus

-----Ursprüngliche Nachricht-----
Von: Daniel Shahaf [mailto:d.s_at_daniel.shahaf.name]
Gesendet: Montag, 26. November 2012 15:52
An: Jan Keirse
Cc: Markus Karg; users_at_subversion.apache.org
Betreff: Re: Path-based authorization buggy when using SASL-LDAP

Jan Keirse wrote on Mon, Nov 26, 2012 at 09:42:53 +0100:
> On Mon, Nov 26, 2012 at 9:28 AM, Markus Karg <karg_at_quipsy.de> wrote:
>
> > I am using aliases (as typical with LDAP), so the cause you
> > described should not happen. Also, everything is lower case (alias
> > names, group names, etc.). And I do not have any relation between
> > the rules‘ paths and the failing paths, as I said initially.****
> >
> > **
> >
>
> Okay, than you have another problem.
>

FWIW: I would suggest to post a minimal httpd.conf + svn authz file with which the problem was successfully reproduced.

>
> > **
> >
> > Also, I did not find a documentation on „force-username-case“. Can
> > you point me to a description on the web? J
> >
>
> 11 Oct 2010:
> http://mail-archives.apache.org/mod_mbox/subversion-commits/201010.mbo
> x/%3C20101011192637.0D37723888E7_at_eris.apache.org%3E
>
> So it was introduced after 1.6.12 was released (21 Jun 2010).

It is a new feature so it would have first appeared in a minor release
--- hence, it was added in 1.7.0
Received on 2012-11-26 17:00:12 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.