Here is a configuration that I use to authenticate the users of our SVN server.
```apache
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

# Add the following to allow a basic authentication and point Apache to where the actual
# repository resides.
<Location /svn/chartes>
    DAV svn
    SVNPath /var/www/html/svn/chartes
    AuthType Basic
    AuthName "My company repo"
    #AuthBasicAuthoritative Off
    AuthBasicProvider ldap
    AuthLDAPBindDN "LOGIN_OF_AUTHORIZED_USER_TO_SEARCH"
    AuthLDAPBindPassword "PASSWORD_FOR_AUTHORIZED_USER"
    Require valid-user
</Location>
```
There may be more than 2 DC items, depending on your AD configuration.
Note that here we use sAMAccountName as the search criterion.

Now imagine we want this scenario:
1-LDAP auth
2-Access rights granted from local file (rw rights)
We can do that by adding a simple directive to our .conf file:
AuthzSVNAccessFile
so our new .conf file becomes:
```apache
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

# Add the following to allow a basic authentication and point Apache to where the actual
# repository resides.
<Location /svn/chartes>
    DAV svn
    SVNPath /var/www/html/svn/chartes
    AuthType Basic
    AuthName "My company repo"
    #AuthBasicAuthoritative Off
    AuthBasicProvider ldap
    AuthLDAPBindDN "LOGIN_OF_AUTHORIZED_USER_TO_SEARCH"
    AuthLDAPBindPassword "PASSWORD_FOR_AUTHORIZED_USER"
    AuthzSVNAccessFile /etc/svn-repo-chartes.authz
    Require valid-user
</Location>
```
[/]
* = r
Now no one has write access to the repo, only read access.
Let's check that.
Scenario:
1- Login
2-Checkout
3-Create file
4-Add file to repo
5-commit
Craps!
We get this message:
"Accès à '/svn/chartes/!svn/me' interdit" <=> "Access to .... denied"
Now you can set authorizations line by line and user by user.
I'll grant write access to Mr 66456.
Our new authorization file content becomes:
[/]
* = r
66456 = rw
Let's commit again...
All right !
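
The rules in the two authz files above can be checked offline before retrying a commit. This Python sketch is an added example, not part of the original post: it evaluates a path-based authz file under the Subversion rule that the closest matching section wins and matching lines within a section are combined. It handles only `*` and plain user names (no groups, aliases or repository-prefixed sections); the `[/secret]` section and the user `alice` are constructed for illustration.

```python
import configparser
import posixpath

# Constructed sample: the post's final authz file, plus a hypothetical
# [/secret] section added here to show how a deeper path overrides [/].
SAMPLE_AUTHZ = """\
[/]
* = r
66456 = rw

[/secret]
* =
66456 = r
"""


def parse_authz(text):
    """Parse authz text into {section_path: {user_or_star: rights}}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user names case-sensitive
    cp.read_string(text)
    # [groups] holds group definitions, not path rules; it is ignored here.
    return {s: dict(cp[s]) for s in cp.sections() if s != "groups"}


def access_of(rules, user, path):
    """Return '', 'r' or 'rw' for `user` on `path`."""
    path = posixpath.normpath("/" + path.strip("/"))
    while True:
        section = rules.get(path, {})
        matched = [v for k, v in section.items() if k in ("*", user)]
        if matched:
            # All lines that match the user in this section are combined.
            rights = set("".join(matched))
            return "".join(c for c in "rw" if c in rights)
        if path == "/":
            return ""  # no rule anywhere on the way up: no access
        path = posixpath.dirname(path)  # fall back to the parent path


if __name__ == "__main__":
    rules = parse_authz(SAMPLE_AUTHZ)
    for user in ("66456", "alice"):
        for path in ("/", "/trunk/new-file.txt", "/secret/plan.txt"):
            print(f"{user:6} {path:22} {access_of(rules, user, path) or '-'}")
```

Running it lists each user's effective rights per path, which makes it easy to confirm that only the intended accounts end up with `rw`.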