[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit failing - username not sent on the MERGE webdav command

From: Branko ─îibej <brane_at_apache.org>
Date: Fri, 11 Aug 2017 13:16:21 +0200

On 10.08.2017 23:12, greg_at_gregj.me wrote:
> Ok I think this is onto something. I changed
>
> <LimitExcept MERGE> to <LimitExcept GET> and the commit worked. When I removed the LIMITEXCEPT completely it didn't even request my password (and failed).
>
> I'll have our tester test it with that tonight if possible.
>
> Thank You!
>
> Question: What *should* be specified?

If you want all access to be authenticated, you do not need a <Limit> or
<LimitExcept> clause; just the "Require valid-user".

You'd use Limit(Except) in order to impose read-only and read-write
distinction in the request level, before mod_authz_svn kicks in. Here's
an example, the config I use at $DAYJOB for httpd 2.4.x:

        <RequireAll>
            Require valid-user
            <Limit HEAD GET OPTIONS PROPFIND REPORT>
                <RequireAny>
                    Require ldap-group cn=dev,ou=group,dc=example,dc=com
                    Require ldap-group cn=dev.readonly,ou=group,dc=example,dc=com
                    # More reader groups here
                </RequireAny>
            </Limit>
            <LimitExcept HEAD GET OPTIONS PROPFIND REPORT>
                <RequireAny>
                    Require ldap-group cn=dev,ou=group,dc=example,dc=com
                    # More writer groups here
                </RequireAny>
            </LimitExcept>
        </RequireAll>

I have LDAP authentication set up, and group assignments in LDAP to
distinguish between users with only read access and users with
read/write access. Notice how I use Limit and LimitExcept so that the
list of request methods is the same in both clauses, makes it easy to
check the config by eye and I only have to remember what the "read
access" methods are. :)

-- Brane
Received on 2017-08-11 13:16:24 CEST

This is an archived mail posted to the Subversion Users mailing list.