On 18.07.2017 10:20, Ravi Roy wrote:
>
>
> On Mon, Jul 17, 2017 at 8:03 PM, Ravi Roy <ravi.aroy_at_gmail.com
> <mailto:ravi.aroy_at_gmail.com>> wrote:
>
>
> You should remove these lines:
>
> Satisfy any
> Order allow,deny
> Allow from all
> AuthUserFile /dev/null
>
>
> then add
>
> Satisfy all
>
>
> I also suggest you add the HEAD method to the LimitExcept
> directive.
>
>
>
> As this does not work and bypassing AuthzSVNAccessFile and gives repo
> access to all valid users which exsits in LDAP directory. Does
> somebody know why it is causing this? Thanks
> Ravi.
I have a practically identical configuration (with slightly more complex
access rules) and it does work for me. I suggest you turn on verbose
logging in httpd and check the logs to see what's happening.
My config looks like this:
RedirectMatch permanent ^(/repos)$ $1/
<Location /repos/>
AuthType basic
AuthName "Subversion"
AuthBasicProvider ldap
AuthLDAPUrl "ldaps://ldap.example.com/ou=people,dc=example,dc=com?uid"
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
AuthLDAPBindDN cn=admin,dc=example,dc=com
AuthLDAPBindPassword "example.com"
<RequireAll>
Require valid-user
<Limit HEAD GET OPTIONS PROPFIND REPORT>
<RequireAny>
# Read access
Require ldap-group cn=dev,ou=group,dc=example,dc=com
Require ldap-group cn=dev.readonly,ou=group,dc=example,dc=com
</RequireAny>
</Limit>
<LimitExcept HEAD GET OPTIONS PROPFIND REPORT>
<RequireAny>
# Write access
Require ldap-group cn=dev,ou=group,dc=example,dc=com
</RequireAny>
</LimitExcept>
</RequireAll>
DAV svn
SVNParentPath /srv/repos
SVNListParentPath on
SVNPathAuthz short_circuit
AuthzSVNAccessFile file:///srv/repos/admin/access.conf
</Location>
-- Brane
Received on 2017-07-18 12:33:38 CEST