[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AuthType Basic (with ext LDAP)

From: Naumenko, Roman <roman.naumenko_at_rbccm.com>
Date: Fri, 18 Oct 2013 19:46:43 +0000

On 2013/10/18 1:51 PM, Ben Reser wrote:
> On 10/18/13 10:01 AM, Naumenko, Roman wrote:
>> What I noticed is that svn server making a request for each svn URI or
>> operation, which neither LDAP server likes nor users that could be
>> waiting for their turn to be authenticated and see delays in svn server
>> response.
>>
>> Could somebody point me where the problem is?
>> I'd expect only one authentication request from the server when user
>> presents himself first time (or after cache expires).
> This is a feature. It allows you to use Apache authentication setups that are
> path based like mod_authz_svn is. In your case (and most users case) the only
> authentication handler that cares about the path is mod_authz_svn, in which
> case you can use the mod_dav_svn configuration directive "SVNPathAuthz
> short_circuit" which will prevent subrequests from being generated for
> additional paths that a request touches other than the path in the request URI
> and instead simply ask mod_authz_svn to process the path directly. This will
> speed up your server by quite a bit since subrequests are slow as well as
> resolving your problem with LDAP.
Ben, thank you.
When short_circuit is enabled, then LDAP requests are not recorded any
more in the debug log (except for initial request), so that what I was
looking for. Great.

But there are still checks (or maybe this is just info log) against
access-file for each path in repository.
Is it something expected or enabled somewhere by default?

[Fri Oct 18 15:35:52 2013] [info] [client 10.11.11.18] Access granted:
'user1' REPORT /trunk/very_long_path/Data.manifest
[Fri Oct 18 15:35:52 2013] [debug]
subversion/mod_authz_svn/mod_authz_svn.c(195): [client 10.11.11.18] Path
to authz file is /path_to_access_file/svn_acc

I mean if a user has access to a repository, why checking all paths
under? Or its just info log about mod_authz_svn processing path
directly, as you said?

--Roman
_______________________________________________________________________

This email is intended only for the use of the individual(s) to whom it is addressed and may be privileged and confidential.
Unauthorised use or disclosure is prohibited. If you receive This e-mail in error, please advise immediately and delete the original message.
This message may have been altered without your or our knowledge and the sender does not accept any liability for any errors or omissions in the message.

Ce courriel est confidentiel et protégé. L'expéditeur ne renonce pas aux droits et obligations qui s'y rapportent.
Toute diffusion, utilisation ou copie de ce message ou des renseignements qu'il contient par une personne autre que le (les) destinataire(s) désigné(s) est interdite.
Si vous recevez ce courriel par erreur, veuillez m'en aviser immédiatement, par retour de courriel ou par un autre moyen.
Received on 2013-10-18 21:47:30 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.