subversion-users mailing list archives

From Aaron Turner <synfina...@gmail.com>
Subject Re: LDAP Group Configuration in AuthzSVNAccessFile
Date Thu, 01 Apr 2010 06:08:14 GMT
On Wed, Mar 31, 2010 at 2:38 PM, Stefan Sperling <stsp@elego.de> wrote:
> On Wed, Mar 31, 2010 at 02:28:53PM -0700, Aaron Turner wrote:
>> On Wed, Mar 31, 2010 at 2:25 PM, Stefan Sperling <stsp@elego.de> wrote:
>> > On Wed, Mar 31, 2010 at 12:40:13PM -0700, Aaron Turner wrote:
>> >> On Wed, Mar 31, 2010 at 12:23 PM, Lee Kaufman
>> >> <lee.kaufman@transmetric.com> wrote:
>> >> > I have been set the task of setting up SVN and connecting Authentication and
>> >> > Authorization to our MS Active Directory system.  The SVN is now running on
>> >> > a Debian Linux server.  I have successfully set up Authenticated to
>> >> > authenticate users who have access to the SVN system based on a Security
>> >> > Group in our AD.
>> >> >
>> >> > The next task, where I am encountering the difficulty, is in Authorizing
>> >> > individual users to read and write to the individual repositories.  From
>> >> > what I have seen, to do this I need an AuthzSVNAccessFile file.
>> >> > However I have not been able to find any documentation on how to accomplish
>> >> > this using AD groups.  Below is a simple example.
>> >>
>> >> Last time I checked, you can't do authorization via LDAP/AD.  Just
>> >> authentication.  Hence the lack of documentation on the subject.
>> >
>> > Various wrapper scripts exist which generate an authz rules file
>> > from data pulled from LDAP/AD directories. I agree that it would
>> > be nice to have built-in support for this in mod_authz_svn though.
>>
>> Do you have a link to such a script?  I've occasionally looked for one
>> and never found it... was planning on writing one someday, but no
>> point in reinventing the wheel.
>
> Google "svn authz ldap" says:
> http://www.thoughtspark.org/node/26

Ah, I was hoping to put path/repo information in the LDAP too.  More
work, but I'm going to have to basically do the same thing for our
TACACS+ server.

> This patch to apache httpd also looks interesting:
> http://mail-archives.apache.org/mod_mbox/httpd-dev/200912.mbox/%3C4B22CFBE.401@gmx.net%3E
> Though I didn't check what became of it.

Interesting... I might have to ping Christian to find out what happened.


-- 
Aaron Turner
http://synfin.net/         Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"
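
An added example, not part of the original message or of the script linked in it: a sketch of the step such a wrapper performs after it has queried the directory, rendering the `[groups]` section of an authz rules file from group membership. The function name, the sample DNs and the character whitelist are assumptions; the LDAP query itself is left out so the block runs offline.

```python
import re

# Only these characters may reach the authz file; anything else (newline,
# comma, '=', '[', '@', spaces) could change how the rules are parsed.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")

def build_groups_section(groups, login_by_dn):
    """Render the [groups] section of an AuthzSVNAccessFile.

    groups:      {group name: [member DN, ...]} as read from the directory
    login_by_dn: {user DN: login name}, e.g. sAMAccountName in AD
    Returns (text, skipped); skipped lists every value left out.
    """
    lines, skipped = ["[groups]"], []
    for group in sorted(groups):
        if not SAFE_NAME.fullmatch(group):
            skipped.append(group)
            continue
        members = set()
        for dn in groups[group]:
            login = login_by_dn.get(dn)
            # Unresolved DNs (e.g. nested groups) and unsafe logins are
            # dropped and reported, never written or guessed.
            if login is None or not SAFE_NAME.fullmatch(login):
                skipped.append(dn)
            else:
                members.add(login)
        lines.append(f"{group} = {', '.join(sorted(members))}")
    return "\n".join(lines) + "\n", skipped

# Constructed sample data standing in for an LDAP/AD search result.
ALICE = "CN=Alice Example,OU=Staff,DC=example,DC=com"
BOB = "CN=Bob Example,OU=Staff,DC=example,DC=com"
EVE = "CN=Eve Example,OU=Staff,DC=example,DC=com"
NESTED = "CN=Contractors,OU=Groups,DC=example,DC=com"
LOGINS = {ALICE: "alice", BOB: "bob", EVE: "eve\n[/]\n* = rw"}
GROUPS = {"svn-dev": [BOB, ALICE, NESTED], "svn-docs": [EVE]}

if __name__ == "__main__":
    text, skipped = build_groups_section(GROUPS, LOGINS)
    print(text, end="")
    for value in skipped:
        print("skipped:", repr(value))
```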
