发表新帖
发表新帖

How do I restrict Apache/SVN access to specific users (LDAP/file-based authentication)?

前端 未结
关注
3 833
自闭症患者
自闭症患者 2020-12-28 23:58

I have Apache/SVN running on Windows Server 2003 with authentication via LDAP/Active Directory and a flat-file.

It\'s working great except that any LDAP use

相关标签:
3条回答
  • 暗喜
    2020-12-29 00:03

    Another alternate method for anyone else who is interested:

    Require ldap-group cn=SVN Users,cn=Users,dc=company,dc=com

    This is assuming you created a group called SVN Users in Active directory. Notice that there are no double quotes around the group.

    Use that instead of Require valid-user

    Then you probably don't have to restart apache anytime you have any changes, just add the user to the group in AD

    0 讨论(0)
  • 挽巷
    2020-12-29 00:06

    This was actually a lot easier than I thought it would be. I added this to my location:

    <Location /svn>
  ...
  AuthzSVNAccessFile "conf/svn-authz.txt"
</Location

    In that file, I just specified normal SVN permissions (the system doesn't seem to distinguish between file users and LDAP users at this point):

    [groups]
@admin = haren

###
### Deny all but administrators to the tree
###

[/]
* =
@admin = rw


###
### Allow more specific people on a per-repository basis below
###

[repo1:/]
ldap-user1 = rw
file-user1 = rw

[repo2:/]
ldap-user2 = rw
file-user2 = rw

    I'm still playing around with the LDAP group syntax to get that part working. Any suggestions there are appreciated.

    0 讨论(0)
  • 情歌与酒
    2020-12-29 00:11

    You should not use 

    Require valid-user

    but use 

    Require group
    0 讨论(0)
 看不清?
提交回复
热议问题