Question
I use our Active Directory groups to verify access to our Subversion repository. We have the following setup in our httpd.conf file:
<Location /repo>
    DAV svn
    SVNPath /mnt/svn/repositories/repo
    AuthType basic
    AuthName "Corporate Repostitory"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPUrl "ldap://ldap2.vegicorp.net:389 ldap3.vegicorp.net:389/OU=Users,DC=vegicorp,DC=NET?sAMAccountName" NONE
    AuthLDAPBindDN "CN=CM,OU=Service Accounts,OU=Users,DC=Vegicorp,DC=NET"
    AuthLDAPBindPassword swordfish
    Require ldap-group CN=Development,OU=Security Groups,DC=Vegicorp,DC=NET
    Require ldap-dn "CN=Release Management,OU=Service Accounts,OU=Users, dc=Vegicorp,dc=net"
    AuthzSVNAccessFile /mnt/svn/repo
</Location>
Access to our repository is only supposed to be for the Release Management user (the one who uses Subversion for builds) and people in the group Development. However, I've recently found that a user who is not in the Development group does have access to our repository.
Is there an error somewhere in our configuration? Or, could there be another reason why this user has access to our repository?
Answer 1:
<Location /repo>
    DAV svn
    SVNPath /mnt/svn/repositories/repo
    AuthType basic
    AuthName "Corporate Repostitory"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPUrl "ldap://ldap2.vegicorp.net:389 ldap3.vegicorp.net:389/OU=Users,DC=vegicorp,DC=NET?sAMAccountName" NONE
    AuthLDAPBindDN "CN=CM,OU=Service Accounts,OU=Users,DC=Vegicorp,DC=NET"
    AuthLDAPBindPassword swordfish
    Require ldap-group CN=Development,OU=Security Groups,DC=Vegicorp,DC=NET
    Require ldap-dn CN=Release Management,OU=Service Accounts,OU=Users, dc=Vegicorp,dc=net
    AuthzSVNAccessFile /mnt/svn/repo
</Location>
You do not need quotes on the ldap-dn. Also, you need to remove the double comma in ldap-group "OU=Security Groups,,"
Please refer to http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication
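A lint pass over the directives discussed in this thread, as an added example that is not part of the original answer or of Apache: it flags a quoted DN and an empty DN component, the two things the answer points at, plus AuthzLDAPAuthoritative off, which the Apache 2.2 documentation describes as letting other authorization modules decide when the LDAP check fails. The function name, finding codes and sample configuration are constructed for illustration.

```python
import re

# Constructed sample modelled on the question's <Location> block; the doubled
# comma is the one the answer quotes ("OU=Security Groups,,").
SAMPLE_CONF = """\
<Location /repo>
AuthzLDAPAuthoritative off
Require ldap-group CN=Development,OU=Security Groups,,DC=Vegicorp,DC=NET
Require ldap-dn "CN=Release Management,OU=Service Accounts,OU=Users, dc=Vegicorp,dc=net"
Require ldap-dn CN=Build\\, Nightly,OU=Service Accounts,DC=Vegicorp,DC=NET
</Location>
"""

REQUIRE_RE = re.compile(r"^\s*Require\s+(ldap-group|ldap-dn)\s+(.*\S)\s*$", re.I)
AUTHORITATIVE_RE = re.compile(r"^\s*AuthzLDAPAuthoritative\s+off\s*$", re.I)
RDN_RE = re.compile(r"^\s*[A-Za-z][\w.-]*\s*=\s*\S")  # one attr=value component


def audit_ldap_requires(conf_text):
    """Return (line_no, code) findings for LDAP authorization directives."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directive
        if AUTHORITATIVE_RE.match(line):
            # Apache 2.2 docs: other authz modules may decide if LDAP fails
            # (a point added here, not raised in the answer).
            findings.append((no, "fallthrough"))
            continue
        m = REQUIRE_RE.match(line)
        if not m:
            continue
        dn = m.group(2)
        if dn[0] in "\"'" or dn[-1] in "\"'":
            findings.append((no, "quoted-dn"))  # answer: quotes not needed
            dn = dn.strip("\"'")
        # Split on commas that are not backslash-escaped inside a value.
        for rdn in re.split(r"(?<!\\),", dn):
            if not RDN_RE.match(rdn):
                findings.append((no, "bad-rdn"))  # e.g. empty part from ",,"
                break
    return findings


if __name__ == "__main__":
    for no, code in audit_ldap_requires(SAMPLE_CONF):
        print(f"line {no}: {code}")
```

A clean result only means the directives are well formed; whether a given account is really a member of the Development group still has to be checked in Active Directory.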
Source: https://stackoverflow.com/questions/24638286/ldap-and-subversion-who-can-access-my-repository