Question regarding mod_authnz_svn configurations

From: Matthew Hamilton <kentsnu_at_gmail.com>
Date: Fri, 14 Mar 2014 10:12:07 -0500

I have read the Subversion book regarding the configuration of
mod_authnz_svn and mod_dav_svn for apache as the Subversion server.

I am making use of mod_authnz_ldap to restrict access to our repositories
based on ldap-group membership and we are using Active Directory as our
LDAP server.

I want to also be able to set up path-based authorization and have the
access based on the users ldap-group membership.

I.E. currently the AuthzSVNAccessFile has the [groups] section but the only
valid value that seems to work is the user name that the user authenticated
with.

[groups]
proj1-devs = marry, jane, jim, bob
proj2-dev = jill, jack, alex

[proj1:/]
proj1-devs = rw
proj2-devs = r

[proj2:/]
proj1-devs = r
proj2-devs = rw

I would like to be able to define the groups based on ldap groups

[groups]
proj1-devs = CN=proj1_developers,ou=ldap,dc=mycorp,dc=com
proj2-devs = CN=proj2_developers,ou=ldap,dc=mycorp,dc=com

[proj1:/]
proj1-devs = rw
proj2-devs = r

[proj2:/]
proj1-devs = r
proj2-devs = rw

This way we don't have to update the access file each time a new user is
added to the ldap group.

Are there any plans to introduce this kind of functionality to
mod_authnz_svn?

Thanks

-- 
Matthew Hamilton

Received on 2014-03-14 16:12:43 CET

This message: [ Message body ]
Next message: Philip Martin: "Re: Question regarding mod_authnz_svn configurations"
Previous message: Branko Čibej: "Re: Mergeinfo overwritten from successive merges"
Next in thread: Philip Martin: "Re: Question regarding mod_authnz_svn configurations"
Reply: Philip Martin: "Re: Question regarding mod_authnz_svn configurations"
Maybe reply: Matthew Hamilton: "Re: Question regarding mod_authnz_svn configurations"
Reply: Stefan Sperling: "Re: Question regarding mod_authnz_svn configurations"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]