I have Apache / SVN running on Windows Server 2003 and via LDAP / Active Directory and a flat-file Has authentication from
This is working very well except that any LDAP user can access everything I want to be able to limit the SVN repository by the user or group.
Ideally, I want to do something like this:
& lt; Place / svn / repo1 & gt; Restricted to # Ldap-user1, file-user1, or ldap-group1 member # All others denied & lt; / Location & gt; & Lt; Place / svn / repo2 & gt; Restricted to # Ldap-user2, file-user2, or ldap-group2 member # All others denied & lt; / Location & gt; The real move may be that I have mixed certification: LDAP and File:
In my Goggling, I have seen that some people complete this by dragging it into a authz file like this:
& lt; Location / svn & gt; ... AuthzSVNAccessFile "conf / svn-authz.txt" & lt; / Location Then, I'll need to map advertisements to users. Any examples of this approach?
It was really easy as I thought it would be. I added it to my location:
& lt; Location / svn & gt; ... AuthzSVNAccessFile "conf / svn-authz.txt" & lt; In that file, I just specify normal SVN permissions (the system file does not seem to differentiate between users and LDAP users at this point): < Code> [groups] @admin = haren ### ### Refuse the tree but reject the administrator ### [/] * = @admin = rw ### ### On the basis of per-repository ### [repo1: /] ldap-user1 = rw file-user1 = rw [repo2: /] ldap-user2 = rw file-user2 = Allow rw
Part to work I am also playing with LDAP group syntax. Any suggestion is appreciated.
Comments
Post a Comment