Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id BA8B8200B31 for ; Tue, 24 May 2016 19:57:02 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id B93A5160A35; Tue, 24 May 2016 17:57:02 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 0968216098E for ; Tue, 24 May 2016 19:57:01 +0200 (CEST) Received: (qmail 66288 invoked by uid 500); 24 May 2016 17:56:56 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 66278 invoked by uid 99); 24 May 2016 17:56:55 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 May 2016 17:56:55 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 667F4C6791 for ; Tue, 24 May 2016 17:56:55 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.802 X-Spam-Level: X-Spam-Status: No, score=-0.802 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=tibco.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id RV_JNwmGZvmF for ; Tue, 24 May 2016 17:56:54 +0000 (UTC) Received: from mail-pf0-f169.google.com (mail-pf0-f169.google.com [209.85.192.169]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id C2F8660E48 for ; Tue, 24 May 2016 17:56:53 +0000 (UTC) Received: by mail-pf0-f169.google.com with SMTP id g64so9308099pfb.2 for ; Tue, 24 May 2016 10:56:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tibco.com; s=tibcogoogle; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=5rPgGFJctlauWGPFq6GW2oThKtezyhCaneTco8gc2iU=; b=jGHsvOA+QuplZqJEoT4COitWyl6r4VumvEEUs84Ol+q9e9N2zWHSbs8gSGKF9Xjzeo aTEvtJiQl4hJ+ShynqXkk/dl14BWNlGJwFSdIh/2b6Odsr8mM9wn3KGba7YL7xcIcq4A yG1V3Li0b/owIbr/xQIrnnZBYMZ7NmTnU8/RQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=5rPgGFJctlauWGPFq6GW2oThKtezyhCaneTco8gc2iU=; b=mf5ANFloJviqxeNUuD4tXoskg/1p64iNcAB/jTNXH0b26x8BgY9jp33PkEHppi2A2F Nam28auFg15KcErlIzxdiookRfTJj2zrtU7IZRY4oBcAl2akcIW+x0DbIGcMwJtAhqR+ y//EE1Ln5BrUf4l2j/P1Ht3uc0StS6zNBoAAB7Y4fcURG9fvvDVVB/y1NIR/hANqIhVl gdjaiyECuMzVMU2s+HLSJ2FVuslHHzwgIJqMLzOXYI4y9Ua98fu9VhFHfKSSzZcOQLC/ zwOEgZ3DwQdnO8G3NJu5cReauffJsZ9V3dLZ44Oj7h5ysDOzIK6dGA6HYENvRxPNq25o YWMw== X-Gm-Message-State: ALyK8tI2/digO9m9h+EZieHMLxZhDTzi8FQTiCvfflEZxXLk+eZz4iT1cHDWhBQLeIDsR35e X-Received: by 10.98.83.199 with SMTP id h190mr8677894pfb.15.1464112612323; Tue, 24 May 2016 10:56:52 -0700 (PDT) Received: from eej-new-macbook-pro.na.tibco.com ([160.101.0.7]) by smtp.googlemail.com with ESMTPSA id i29sm4890859pfi.18.2016.05.24.10.56.51 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 24 May 2016 10:56:51 -0700 (PDT) Subject: Re: LDAP Usage Question To: Dariusz Nowak , "users@subversion.apache.org" References: From: Eric Johnson Message-ID: <574495E2.4010605@tibco.com> Date: Tue, 24 May 2016 10:56:50 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit archived-at: Tue, 24 May 2016 17:57:02 -0000 We scan our LDAP server, and generate group information from that, and then apply that to our version control servers. Eric. On 5/24/16 12:51 AM, Dariusz Nowak wrote: > > Hello, > > > I'm new in subversion world and tried to research something yesterday > - without success, so decided to post here. My question is related to > authentication using LDAP. > > > My scenario is that I will require 2 auth methods (passwd + ldap) all > of services (like Jenkins) will use passwd + authz and all of "humans" > will use their AD accounts. I found really useful option in config > aliasses however got small problem applying to LDAP. And my question is: > > > Can I create aliasses for LDAP groups ? I want in my LDAP AUTH file to > have something like: > > [aliases] > > mygroup = CN=PATH,DN=TO,DN=LDAP,DN=GROUP > > > [/] > > @mygroup = r > > > So I'm allowing for example every User object in my ldap tree to > access, but later limiting it like that ... this is how our current > setup works (a lot of hardcoded user/groups in auth/passwd files and > [/path/to/repo] = group1 = r, group2 = rw etc. > > > Trying to mimic that with LDAP > > > Regards > > D >