[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Apache httpd 2.4 + Subversion 1.9.5 + LDAP combination does not work on CentOS 7.x

From: Ravi Roy <ravi.aroy_at_gmail.com>
Date: Mon, 17 Jul 2017 17:39:17 +0530

Hi

I've been using Apache httpd 2.2.23 with Subvesion 1..6.21 with LDAP on
CentOS 5.11 (old setup) for years now. Recently we planned to upgrade to
Subversion 1.9.x with Apache httpd 2.4.x, i've prepared the setup as per
the following with LDAP support :

1) compiled and installed Apache 2.4.16 from source
2) compile and installed Subversion 1.9.5 from source

I've the following snippet in my httpd config which works in old setup
perfectly but in the new setup it does not work at all, It can not control
the repo access:

<Location /svn/MyRepo>
    DAV svn
    SVNPath /var/repos/svn/MyRepo.
        Satisfy any
        <LimitExcept GET PROPFIND OPTIONS REPORT>
                Require valid-user
        </LimitExcept>
        Order allow,deny
        Allow from all
        AuthzLDAPAuthoritative on
        AuthType Basic
        AuthName "Please use your Username and Password:"
        AuthLDAPBindDN "CN=Ac,OU=All Users,OU=myOU,DC=mydomain,DC=com"
        AuthLDAPBindPassword mypass
        AuthLDAPURL "ldap://mydomain.com:3269/dc=m
ydomain,dc=com?sAMAccountName?sub?(objectClass=*)
<http://mydomain.com:3268/dc=mydomain,dc=com?sAMAccountName?sub?(objectClass=*)>
"
        AuthBasicProvider ldap
        AuthUserFile /dev/null
        AuthzSVNAccessFile /var/repos/permissions/permfile.txt
</Location>

permfile.txt
========

[groups]
write-perm1 = user1, user2

[/]
@write-perm1 = rw
* =

After removing "AuthzLDAPAuthoritative on" (which is removed in Apache
httpd 2.4.x), it allows any ldap user to access the repo (which i do not
want). I want permfile to control the access to repo, but i could not see
an effective way to enable it.
Can somebody help here please?

Regards
Ravi.
Received on 2017-07-17 14:09:25 CEST

This is an archived mail posted to the Subversion Users mailing list.