|
| I've spent almost a full day looking for a solution to my problem.
Hints and tips (or full out solutions) are appreciated.
I have Apache 2.0 on Windows 2003 server and am trying to configure
my
httpd.conf to control access to my Subversion 1.4x repository. None
of
the software can be changed very easily - I'm stuck with what I have.
I have several repositories to which I want to grant all company
employees read access. Company employees can be authenticated in ldap
by their Global IDs and passwords (separate from our pc/network IDs).
I want to restrict WRITE access on a repository basis using some sort
of white list.
So, the user would access the repository and Apache would prompt for
a
GID and password. If the user authenticates Apache further checks to
see if they are in the whitelist (group) for that particular
repository. If they are not in the group, only READ access is
granted.
If they are in the group, WRITE access is granted as well as read.
I've been able to make ldap and group/file access work separately but
not together and it is always either R/W or no access. I also don't
want to maintain a separate password file - I only want to use the
password that is stored in ldap.
Here is my current Location section:
<Location /svn/sandbox2>
DAV svn
# list repositories
SVNPath D:/svn/sandbox2/
# our access control policy
AuthType Basic
AuthName "Subversion Secondary Sandbox"
AuthLdapUrl ldap://directory.xxxxxxx:###/ou=JP,ou=JAPAN,o=GROUP?uid
(NOTE - modified the url for posting)
AuthGroupFile D:/svn_conf/source_library_groupfile
Require valid-user
Require group sandbox2
</Location>
Thanks!
|
|