Web based SVN client

2017-03-21 Thread Matthew Hamilton
I have what I hope is a quick and simple question.

We have a requirement that we have some developers who do not have a laptop
nor a Citrix VDI and they need to be able to make changes to
code within SVN.  They have asked me if there are any applications which
would run in Tomcat/JBoss/WebSphere and allow them to work with code in
SVN.  The closest thing that I was able to locate was "WebClient for SVN"
by Polarion Software:
https://polarion.plm.automation.siemens.com/products/svn/svn_webclient.

Thanks

-- 

Matthew Hamilton


Question regarding mod_authnz_svn configurations

2014-03-14 Thread Matthew Hamilton
I have read the Subversion book regarding the configuration of
mod_authnz_svn and mod_dav_svn for apache as the Subversion server.

I am making use of mod_authnz_ldap to restrict access to our repositories
based on ldap-group membership and we are using Active Directory as our
LDAP server.

I want to also be able to set up path-based authorization and have the
access based on the users ldap-group membership.

I.E. currently the AuthzSVNAccessFile has the [groups] section but the only
valid value that seems to work is the user name that the user authenticated
with.

[groups]
proj1-devs = marry, jane, jim, bob
proj2-devs = jill, jack, alex

[proj1:/]
proj1-devs = rw
proj2-devs = r

[proj2:/]
proj1-devs = r
proj2-devs = rw


I would like to be able to define the groups based on ldap groups

[groups]
proj1-devs = CN=proj1_developers,ou=ldap,dc=mycorp,dc=com
proj2-devs = CN=proj2_developers,ou=ldap,dc=mycorp,dc=com

[proj1:/]
proj1-devs = rw
proj2-devs = r

[proj2:/]
proj1-devs = r
proj2-devs = rw


This way we don't have to update the access file each time a new user is
added to the ldap group.


Are there any plans to introduce this kind of functionality to
mod_authnz_svn?

Thanks

-- 

Matthew Hamilton


Re: Question regarding mod_authnz_svn configurations

2014-03-14 Thread Matthew Hamilton
Below is my apache config for SVN:

httpd.conf:
   
  # mod_dav_svn configuration
  DAV svn
  SVNParentPath /opt/web/subversion/repos

  # mod_authn_core configuration
  AuthType Basic
  AuthName "Authorized Developers Only"

  # mod_auth_basic
  AuthBasicProvider ldap

  # mod_authnz_ldap configuration
  # LDAP Authentication & Authorization is final; do not check other databases
  AuthLDAPBindAuthoritative on
  AuthLDAPBindDN CN=LDAPBINDSVN,OU=LDAP,DC=mycorp,DC=com
  AuthLDAPBindPassword [redacted]
  # The LDAP query URL
  AuthLDAPURL "ldap://ldap.mycorp.com:3268/DC=mycorp,DC=com?sAMAccountName?sub?(objectClass=*)"

  # mod_authnz_svn configuration
  AuthzSVNAccessFile /opt/web/httpd/conf/extra/svn-access.conf

  Require valid-user
   

   # Access control to individual SVN repositories based on URL path.
   
  Require ldap-group CN=SVN_POC_DEVS,OU=LDAP,DC=mycorp,DC=com
  Require ldap-group CN=SVN_POC_MGRS,OU=LDAP,DC=mycorp,DC=com
   

   # Access control to individual SVN repositories based on URL path.
   
  Require ldap-group CN=SVN_POC_DEVS,OU=LDAP,DC=mycorp,DC=com
  Require ldap-group CN=SVN_POC_MGRS,OU=LDAP,DC=mycorp,DC=com
   

   # Access control to individual SVN repositories based on URL path.
   
  Require ldap-group CN=SVN_POC_DEVS,OU=LDAP,DC=mycorp,DC=com
  Require ldap-group CN=SVN_POC_MGRS,OU=LDAP,DC=mycorp,DC=com
   

-

svn-access.conf
[aliases]
poc_devs = CN=SVN_POC_DEVS,OU=LDAP,DC=mycorp,DC=com
poc_mgrs = CN=SVN_POC_MGRS,OU=LDAP,DC=mycorp,DC=com

[groups]
poc_dev = &poc_devs
poc_mgr = &poc_mgrs

[webadmin:/]
poc_dev = rw
poc_mgr = r

[jenkinsAdmin:/]
poc_mgr = rw
poc_dev = r

[middlewareAutomation:/]
poc_dev = rw
poc_mgr = r

---

My ID "mhamilton" is part of the group SVN_POC_DEVS and as part of the test
I am requiring that the repository access requires the user to at least be
part of one of the two groups.  In the above configuration I get the
following error message in the apache error log file:

[Fri Mar 14 10:43:10.754361 2014] [authz_svn:error] [pid 4993:tid 139652358960896] [client 172.21.48.120:59293] Access denied: 'mhamilton' GET webadmin:/
[Fri Mar 14 10:43:12.549245 2014] [authz_svn:error] [pid 4993:tid 139652379940608] [client 172.21.48.120:59293] Access denied: 'mhamilton' GET webadmin:/
[Fri Mar 14 10:43:19.994583 2014] [authz_svn:error] [pid 4993:tid 139652369450752] [client 172.21.48.120:59293] Access denied: 'mhamilton' GET jenkinsAdmin:/
[Fri Mar 14 10:43:27.922455 2014] [authz_svn:error] [pid 4993:tid 139652270913280] [client 172.21.48.120:59293] Access denied: 'mhamilton' GET middlewareAutomation:/

If I change the groups section to the following:
[groups]
poc_dev = mhamilton,aobst
poc_mgr = jvogel,rsebaugh

and the repo sections to the following:
[webadmin:/]
@poc_dev = rw
@poc_mgr = r

[jenkinsAdmin:/]
@poc_mgr = rw
@poc_dev = r

[middlewareAutomation:/]
@poc_dev = rw
@poc_mgr = r

It works (but only if I prefix the group names with "@" in the repo
section).  I tried this with the groups defined using the aliases and I get
the same access denied messages.


-- 

Matthew Hamilton
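
Added example, not part of the original thread and not Subversion's own code: a simplified Python model of how an authz access file resolves rule names, run against reduced versions of the three svn-access.conf variants from the message above. It assumes the documented authz syntax (a bare name is a user name, `@name` a group, `&name` an alias for a single user name) and ignores path inheritance; `load_authz`, `group_members` and `access` are hypothetical helper names.

```python
import configparser

def load_authz(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str          # keep the case of user, group and alias names
    cp.read_string(text)
    return cp

def group_members(cp, group, seen=()):
    """Expand one [groups] entry to the set of user names it contains."""
    users = set()
    if group in seen or not cp.has_option("groups", group):
        return users
    for member in (m.strip() for m in cp.get("groups", group).split(",")):
        if member.startswith("@"):
            users |= group_members(cp, member[1:], seen + (group,))
        elif member.startswith("&"):
            # An alias stands for exactly one user name (here: the whole DN).
            users.add(cp.get("aliases", member[1:], fallback=member))
        elif member:
            users.add(member)
    return users

def access(cp, section, user):
    """Return '', 'r' or 'rw' for user in one section (most permissive match)."""
    best = ""
    for who, rights in (cp.items(section) if cp.has_section(section) else []):
        if who.startswith("@"):
            hit = user in group_members(cp, who[1:])
        elif who.startswith("&"):
            hit = user == cp.get("aliases", who[1:], fallback=None)
        else:
            hit = who in ("*", user)   # a bare name is a user name, not a group
        if hit and len(rights.strip()) > len(best):
            best = rights.strip()
    return best

# Constructed inputs, reduced from the thread's svn-access.conf variants.
ALIASES = "[aliases]\npoc_devs = CN=SVN_POC_DEVS,OU=LDAP,DC=mycorp,DC=com\n"
AS_POSTED = ALIASES + "[groups]\npoc_dev = &poc_devs\n[webadmin:/]\npoc_dev = rw\n"
ALIAS_AT = ALIASES + "[groups]\npoc_dev = &poc_devs\n[webadmin:/]\n@poc_dev = rw\n"
WORKING = "[groups]\npoc_dev = mhamilton,aobst\n[webadmin:/]\n@poc_dev = rw\n"

if __name__ == "__main__":
    for name, text in [("as posted", AS_POSTED), ("alias + @", ALIAS_AT),
                       ("users + @", WORKING)]:
        print(name, "->", repr(access(load_authz(text), "webadmin:/", "mhamilton")))
```

Nothing in this model, or in the access file format it mirrors, consults LDAP: an alias whose value is a group DN is compared against the authenticated user name as one literal string.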