
Re: Apache httpd 2.4 + Subversion 1.9.5 + LDAP combination does not work on CentOS 7.x

From: Branko Čibej <brane_at_apache.org>
Date: Mon, 17 Jul 2017 14:22:13 +0200

On 17.07.2017 14:09, Ravi Roy wrote:
> Hi
>
> I've been using Apache httpd 2.2.23 with Subversion 1.6.21 with LDAP
> on CentOS 5.11 (old setup) for years now. Recently we planned to
> upgrade to Subversion 1.9.x with Apache httpd 2.4.x, I've prepared the
> setup as per the following with LDAP support:
>
> 1) compiled and installed Apache 2.4.16 from source
> 2) compiled and installed Subversion 1.9.5 from source
>
>
> I've the following snippet in my httpd config which works in old setup
> perfectly but in the new setup it does not work at all, it cannot
> control the repo access:
>
> <Location /svn/MyRepo>
> DAV svn
> SVNPath /var/repos/svn/MyRepo.
> Satisfy any
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> </LimitExcept>
> Order allow,deny
> Allow from all
> AuthzLDAPAuthoritative on
> AuthType Basic
> AuthName "Please use your Username and Password:"
> AuthLDAPBindDN "CN=Ac,OU=All Users,OU=myOU,DC=mydomain,DC=com"
> AuthLDAPBindPassword mypass
> AuthLDAPURL "ldap://mydomain.com:3269/dc=mydomain,dc=com?sAMAccountName?sub?(objectClass=*)"
> AuthBasicProvider ldap
> AuthUserFile /dev/null
> AuthzSVNAccessFile /var/repos/permissions/permfile.txt
> </Location>
>
> permfile.txt
> ========
>
> [groups]
> write-perm1 = user1, user2
>
> [/]
> @write-perm1 = rw
> * =
>
>
> After removing "AuthzLDAPAuthoritative on" (which is removed in Apache
> httpd 2.4.x), it allows any LDAP user to access the repo (which I do
> not want). I want permfile to control the access to repo, but I could
> not see an effective way to enable it.
> Can somebody help here please?

You should remove these lines:

    Satisfy any
    Order allow,deny
    Allow from all
    AuthUserFile /dev/null

then add

    Satisfy all

I also suggest you add the HEAD method to the LimitExcept directive.

-- Brane
Received on 2017-07-17 14:22:22 CEST
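
The following is an added example, not part of either message: a small Python check that scans a `<Location>` block for the specific lines discussed in this thread and reports which of the reply's suggested edits are still outstanding. The function name `audit_location` and the sample constant `QUOTED` are hypothetical; the check is purely textual and does not verify that the resulting configuration enforces the access file.

```python
import re

# Lines named in this thread: the four the reply says to remove or change, plus
# AuthzLDAPAuthoritative, which the original post notes is removed in httpd 2.4.
FLAGGED = {
    "satisfy any": "reply suggests 'Satisfy all' instead",
    "order allow,deny": "reply suggests removing",
    "allow from all": "reply suggests removing",
    "authuserfile /dev/null": "reply suggests removing",
    "authzldapauthoritative on": "removed in httpd 2.4 per the original post",
}

def audit_location(conf_text):
    """Return (line_number, finding) pairs; line 0 marks a missing directive."""
    findings = []
    has_satisfy_all = False
    for num, raw in enumerate(conf_text.splitlines(), start=1):
        line = " ".join(raw.split())          # normalise whitespace
        key = line.lower()                    # directive names are case-insensitive
        if key in FLAGGED:
            findings.append((num, f"{line}: {FLAGGED[key]}"))
        elif key == "satisfy all":
            has_satisfy_all = True
        m = re.match(r"<limitexcept\s+([^>]*)>", key)
        if m and "head" not in m.group(1).split():
            findings.append((num, "LimitExcept lacks HEAD: reply suggests adding it"))
    if not has_satisfy_all:
        findings.append((0, "no 'Satisfy all' line: reply suggests adding it"))
    return findings

# Sample input: the block quoted in the message above, abridged (LDAP lines omitted).
QUOTED = """\
<Location /svn/MyRepo>
DAV svn
SVNPath /var/repos/svn/MyRepo.
Satisfy any
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
Order allow,deny
Allow from all
AuthzLDAPAuthoritative on
AuthUserFile /dev/null
AuthzSVNAccessFile /var/repos/permissions/permfile.txt
</Location>
"""

if __name__ == "__main__":
    for num, finding in audit_location(QUOTED):
        print(f"line {num}: {finding}")
```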

This is an archived mail posted to the Subversion Users mailing list.