[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Path based authorization using LDAP groups

From: Tati, Aslesh : Barclaycard US <atati_at_barclaycardus.com>
Date: Tue, 17 Sep 2013 15:26:30 +0000

I'm trying to setup a path based authorization using different LDAP groups.

Developers should be able to see all repositories and commit to all repos (the corresponding LDAP group is subversion_developers)

Business users should be able to see all repositories but only commit to specific assigned repo (corresponding LDAP group is subversion_bususers)

There is another LDAP group which is subversion_readonly which is intended to give read only access to all repos.

My httpd.conf looks something like this:

RedirectMatch ^(/svn)$ $1/
<Location /repos>
   DAV svn
   SVNParentPath "/local/data/svn/svntestrepos"
   SVNReposName "CollabNet Subversion Repository"
   BrowserMatch "^SVN/1.[456]" denyclient
   order allow,deny
   allow from all
   deny from env=denyclient
   SVNListParentPath On
   Allow from all
   AuthType Basic
   AuthName "CollabNet Subversion Repository"
   AuthBasicProvider ldap
  AuthLDAPUrl "ldap://xyz.com:3268/dc=abc,dc=com?sAMAccountName?sub?objectClass=*" "NONE"
   AuthLDAPBindDN "svn_user"
   AuthLDAPBindPassword "password"
  <LimitExcept OPTIONS GET PROPFIND REPORT>
   require ldap-group CN= subversion_readonly,OU=abc Access Groups,DC=abc,DC=com
  </LimitExcept>
   require ldap-group CN= subversion_developers,OU=abc Access Groups,DC=abc,DC=com
</Location>

<Location /repos/business>
   DAV svn
   SVNPath "/local/data/svn/svntestrepos/business"
   SVNReposName "CollabNet Business users Subversion Repository"
   BrowserMatch "^SVN/1.[456]" denyclient
   order allow,deny
   allow from all
   deny from env=denyclient
   Allow from all
   AuthType Basic
   AuthName "CollabNet Business Users Subversion Repository"
   AuthBasicProvider ldap
   AuthLDAPUrl "ldap://xyz.com:3268/dc=abc,dc=com?sAMAccountName?sub?objectClass=*" "NONE"
   AuthLDAPBindDN "svn_user"
   AuthLDAPBindPassword "password"
  <LimitExcept OPTIONS GET PROPFIND REPORT>
   require ldap-group CN= subversion_readonly,OU=abc Access Groups,DC=abc,DC=com
  </LimitExcept>
   require ldap-group CN= subversion_bususers,OU=abc Access Groups,DC=abc,DC=com
</Location>

I'm able to access all repos except the business repo with this setting and when I try to commit something I get an error saying "Redirect cycle detected for URL"

Does this have something to do with the line RedirectMatch ^(/svn)$ $1/ ? I'm pretty much a novice at apache configuration, so forgive my ignorance.

Any help is appreciated, Thank you.

Barclaycard
www.barclaycardus.com

This email and any files transmitted with it may contain confidential and/or proprietary information. It is intended solely for the use of the individual or entity who is the intended recipient. Unauthorized use of this information is prohibited. If you have received this in error, please contact the sender by replying to this message and delete this material from any system it may be on.
Received on 2013-09-17 17:27:22 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.