erg
Sent: Friday, November 10, 2023 5:37 PM
To: Rajesh N
Cc: users@subversion.apache.org
Subject: Re: LDAP authentication not working after the domain controller changed
***ATTENTION: This message was received from an EXTERNAL source.***
Den fre 10 nov. 2023 kl 11:58 skrev Rajesh N
mailto:raj
Den fre 10 nov. 2023 kl 11:58 skrev Rajesh N :
> Hello Team ,
>
> We are using LDAP authentication in SVN and recently we moved old DC to
> new DC (Windows Server 2019 ) .
> After moving Subversion LDAP authentication is not working with the new
> DC, which is causing the old DC
Hello Team ,
We are using LDAP authentication in SVN and recently we moved old DC to new DC
(Windows Server 2019 ) .
After moving Subversion LDAP authentication is not working with the new DC,
which is causing the old DC to fail. But LDAP authentication is working
perfectly when the old DC up
er wants to access.
>
> The apache.conf:
>
>
>
>
> ServerName
>
> ErrorLog /var/log/svn/docs_LDAP_error.log
>
> CustomLog /var/log/svn/docs_LDAP_access.log common
>
>
>
> DAV svn
>
> SVNPath /var/svnrepo/docs
>
>
user wants to access.
The apache.conf:
ServerName
ErrorLog /var/log/svn/docs_LDAP_error.log
CustomLog /var/log/svn/docs_LDAP_access.log common
DAV svn
SVNPath /var/svnrepo/docs
##LDAP
AuthName "docs Repo - Active Directory Authentication"
AuthBasicPro
Yes Johan, I will try and update you once I get some breakthrough
Thank you for your precious help.
On 9/6/17, 5:04 AM, "Johan Corveleyn" wrote:
On Tue, Sep 5, 2017 at 11:31 PM, Kedar Sirshikar (ksirshik)
wrote:
> Yes Brane, I changed the correct subversion configuration file
>
On Tue, Sep 5, 2017 at 11:31 PM, Kedar Sirshikar (ksirshik)
wrote:
> Yes Brane, I changed the correct subversion configuration file
> (/etc/httpd/conf.d/subversion.conf) and I also restarted the server using
> ‘/etc/init.d/httpd restart’ command.
Okay, please take a step back and look around for
anko Čibej , "users@subversion.apache.org"
Subject: Re: Can i read/write(based on LDAP group) to SVN without using
AuthzSVNAccessFile directive
Hi Brane,
I just found out that it is still referring to ‘/var/www/svn/users-access-file’
even after removing it from subversion.conf. I also delete
On 05.09.2017 21:25, Kedar Sirshikar (ksirshik) wrote:
>
> Hi Brane,
>
> I just found out that it is still referring to
> ‘/var/www/svn/users-access-file’ even after removing it from
> subversion.conf. I also deleted ‘users-access-file’ file from
> ‘/var/www/svn’
>
> I even tried commenting below l
sion.apache.org"
Subject: Re: Can i read/write(based on LDAP group) to SVN without using
AuthzSVNAccessFile directive
Thank you, Brane, for your reply.
I updated subversion.conf to include group’s attribute memberUid
AuthLDAPURL
ldaps://ldap_l.cisco.com:10648/dc=sprint,dc=com?
re groups and users.
>
> http://grokbase.com/t/subversion/users/1477dcf8yc/how-to-control-access-of-a-subversion-repo-subfolder-via-ad-groups/oldest#responses_tab_top
>
> https://github.com/whitlockjc/sync-ldap-groups-to-svn-authz
>
>
>
> Now, I am little confused about whether
:: e1NTSEF9Qi94UDJVK3dtbWFDQW5hRVR5ZW1uL2RnenFudnBMdlNoaUxkOFE9P
Q==
2. I included cn in ‘Require ldap-group’ at line 43 in subversion.conf
Require ldap-group cn=Admin,ou=groups,dc=sprint,dc=com
3. I also tried turning ‘AuthLDAPGroupAttributeIsDN’ attribute on and off.
But none of the above attempt
ttpd/conf.d/subversion.conf’
> files for your reference.
>
> I have also attached ‘sssd.conf’ (to interact with LDAP).
>
>
>
> Still I have not been able to grant read access to gidNumber: 500 and
> read/write access to gidNumber: 491 from ldap.
>
> Do you see any o
Hi Brane,
Thank you for reply.
I am providing some inputs about my experiement as of now.
I am using ‘httpd-2.2.15-54.el6.centos.x86_64’ httpd.
I have attached ldif file and ‘/etc/httpd/conf.d/subversion.conf’ files for
your reference.
I have also attached ‘sssd.conf’ (to interact with LDAP
On 04.08.2017 18:39, Kedar Sirshikar (ksirshik) wrote:
>
> Hi team,
>
> I need some help on integration of SVN, Apache and LDAP.
>
>
>
> Currently we are using ‘/var/www/svn/users-access-file’ to store SVN
> admin users.
>
> Problem with this approach is if
Hi team,
I need some help on integration of SVN, Apache and LDAP.
Currently we are using ‘/var/www/svn/users-access-file’ to store SVN admin
users.
Problem with this approach is if new admin users are added in LDAP then we have
to change above file as well (for adding new users).
Also, storing
On Thu, Jul 20, 2017 at 9:05 AM, Nico Kadel-Garcia wrote:
> On Wed, Jul 19, 2017 at 11:04 PM, Nathan Hartman
> wrote:
> >> On Jul 19, 2017, at 10:08 PM, Nico Kadel-Garcia
> wrote:
> >>
> >> Yup. I don't do it every week, or even every month. Frankly, as
> >> Subversion has been falling in popul
On Wed, Jul 19, 2017 at 11:04 PM, Nathan Hartman
wrote:
>> On Jul 19, 2017, at 10:08 PM, Nico Kadel-Garcia wrote:
>>
>> Yup. I don't do it every week, or even every month. Frankly, as
>> Subversion has been falling in popularity,
>
> I think that's like the BSD is dying myth. While it's true that
Nico Kadel-Garcia wrote on Wed, 19 Jul 2017 22:08 -0400:
> This subscriber is new, and having difficulty with Apache
> configurations. Since that's so often been so awkward, and this is
> *another* reason to migrate away from it, I made sure that *he*
> thought about the functional, less complex to
> On Jul 19, 2017, at 10:08 PM, Nico Kadel-Garcia wrote:
>
> Yup. I don't do it every week, or even every month. Frankly, as
> Subversion has been falling in popularity,
I think that's like the BSD is dying myth. While it's true that hype, Linus's
blessing, and the availability of GitHub have t
On Wed, Jul 19, 2017 at 12:24 PM, Stefan Sperling wrote:
> On Tue, Jul 18, 2017 at 08:58:26PM -0400, Nico Kadel-Garcia wrote:
>> The other blocking factor, for me, was the default behavior of the
>> Subversion client of storing the HTTP or HTTPS access passwords in
>> cleartext. It's gotten better
On Tue, Jul 18, 2017 at 08:58:26PM -0400, Nico Kadel-Garcia wrote:
> The other blocking factor, for me, was the default behavior of the
> Subversion client of storing the HTTP or HTTPS access passwords in
> cleartext. It's gotten better orver time, notifying users better of
> the risks, but the def
The complexities of HTTPD/mod_auth_svn integration and its complex
integration alterations between releases of Subverison are only some
of the reasons I gave up on HTTP based access to Subversion years ago,
and switched to svn+ssh. There are uses for web access to Subversion,
but most of them are b
lso suggest you add the HEAD method to the LimitExcept
> > directive.
> >
> >
> >
> > As this does not work and bypassing AuthzSVNAccessFile and gives repo
> > access to all valid users which exsits in LDAP directory. Does
> > somebody know why it is
ll
> AuthUserFile /dev/null
>
>
> then add
>
> Satisfy all
>
>
> I also suggest you add the HEAD method to the LimitExcept
> directive.
>
>
>
> As this does not work and bypassing AuthzSVNAccessFile and gives repo
ll
>>
>>
>> I also suggest you add the HEAD method to the LimitExcept directive.
>>
>>
>>
> As this does not work and bypassing AuthzSVNAccessFile and gives repo
access to all valid users which exsits in LDAP directory. Does somebody
know why it is causing this? Thanks
Ravi.
>
>
> You should remove these lines:
>
> Satisfy any
> Order allow,deny
> Allow from all
> AuthUserFile /dev/null
>
>
> then add
>
> Satisfy all
>
>
> I also suggest you add the HEAD method to the LimitExcept directive.
>
>
>
Thanks Branko for quick response, i've added updated
On 17.07.2017 14:09, Ravi Roy wrote:
> Hi
>
> I've been using Apache httpd 2.2.23 with Subvesion 1..6.21 with LDAP
> on CentOS 5.11 (old setup) for years now. Recently we planned to
> upgrade to Subversion 1.9.x with Apache httpd 2.4.x, i've prepared the
> setup as
Hi
I've been using Apache httpd 2.2.23 with Subvesion 1..6.21 with LDAP on
CentOS 5.11 (old setup) for years now. Recently we planned to upgrade to
Subversion 1.9.x with Apache httpd 2.4.x, i've prepared the setup as per
the following with LDAP support :
1) compiled and installed Apa
Hi,
well we're not using the authz-file but path-based authentication like:
Include conf/ldap_auth_credentials.conf
AllowOverride None
SVNPath /disk01/svn/repositories/repo01
# READ/WRITE
Require ldap-group CN=a_write_gro
Julian Zielke wrote on Tue, May 09, 2017 at 08:26:43 +:
> Well this doesn't help me much because unlike Git, SVN doesn't use file-based
> repositories but an internal database.
> svnauthz accessof only allows file-urls but not repository URLs.
The file:// URLs are one of specifying the path t
t: Samstag, 6. Mai 2017 04:01
An: Julian Zielke
Cc: users@subversion.apache.org
Betreff: Re: SVN Login using LDAP works, but files inside path not visible
Julian Zielke wrote on Fri, May 05, 2017 at 07:08:05 +:
> [...] I only see the ".." Link for jumping up one directory.
>
Julian Zielke wrote on Fri, May 05, 2017 at 07:08:05 +:
> [...] I only see the ".." Link for jumping up one directory.
>
> Using another user which also has permissions for all directories above, I
> can see those files inside.
>
> So this might be a lack of permissions but I don't know wher
Hi,
I'm running an SVN using path-based authentication against our Samba Sernet AD.
So far everything is working fine but now I had to restrict access for a
certain group for a specific path.
I've added the necessary lines in our apache2 configuration and reloaded it.
Authentication with the ne
Hello group,
I've created an LDAP-authz sync tool.
I'm aware there are similar projects out there, but I didn't find any of
them working satisfactory so I created a new one.
Anyway - this one is written in Python and should work in both version 2
and 3.
https://github.com/rbw0/a
Hello Wlllem,
On Mon, Nov 28, 2016 at 2:58 PM, Wlllem Dalen wrote:
>
> ssl-access_log:
>
> - - [28/Nov/2016:12:40:59 +0100] "GET /svn/se/ HTTP/1.1" 401 381
> - [28/Nov/2016:12:41:12 +0100] "GET /svn/se/ HTTP/1.1" 403 209
> [28/Nov/2016:12:41:12 +0100] "GET /favicon.ico HTTP/1.1" 404 209
>
>
> s
On 28.11.2016 12:58, Wlllem Dalen wrote:
> It seems that is an authorization error. When i remove
> *AuthzSVNAccessFile /etc/httpd/conf/dav_svn.acl*
If that's the case, then this has nothing to do with LDAP — that's used
of authentication, not authorization.
The most likely re
Hi,
Everything i tried and in tried, but it won’t work.
ErrorDocument 404 default
DAV svn
SVNParentPath /data/svn
SVNListParentPath off
AuthType Basic
AuthBasicProvider ldap
# file
AuthName "SVN"
AuthzSVNAccessFile /etc/httpd/conf/d
We scan our LDAP server, and generate group information from that, and
then apply that to our version control servers.
Eric.
On 5/24/16 12:51 AM, Dariusz Nowak wrote:
Hello,
I'm new in subversion world and tried to research something yesterday
- without success, so decided to post
On 24.05.2016 09:51, Dariusz Nowak wrote:
>
> Hello,
>
>
> I'm new in subversion world and tried to research something yesterday
> - without success, so decided to post here. My question is related to
> authentication using LDAP.
>
>
> My scenario is that I
Hello,
I'm new in subversion world and tried to research something yesterday - without
success, so decided to post here. My question is related to authentication
using LDAP.
My scenario is that I will require 2 auth methods (passwd + ldap) all of
services (like Jenkins) will use p
Hi Anup,
On Thu, Oct 16, 2014 at 3:33 AM, Somashekarappa, Anup (CWM-NR) <
anup.somashekara...@rbc.com> wrote:
> Hello,
>
> Apache will start up properly but user who belongs to domain1 are able to
> login but users of domain2 are not able to login.
>
> Expected result : users of both domain shou
tails have been mentioned below.
Apache = 2.2
SVN = 1.7
Thanks & Regards,
Anup T S
From: Eric Johnson [mailto:e...@tibco.com]
Sent: 2014, October, 15 1:13 PM
To: Somashekarappa, Anup (CWM-NR)
Cc: users@subversion.apache.org
Subject: Re: Ldap
This is could b
d, or is Apache failing to start up? What versions of Apache
& Subversion? What have you done to isolate the problem?
Eric
On Wed, Oct 15, 2014 at 9:14 AM, Somashekarappa, Anup (CWM-NR) <
anup.somashekara...@rbc.com> wrote:
>
>
> Hi,
>
> We are using the below mentioned c
Hi,
We are using the below mentioned configuration for multiple ldap domain
authentication but one of the domain(ldap2) is not working.
May I know what is wrong with this?
==
LoadModule dav_svn_module
> -Original Message-
> From: Aleš Vojáček [mailto:avoja...@fblgroup.cz]
> Sent: 26 July 2014 08:18
> To: users@subversion.apache.org
> Subject: Apache + svn + ldap + https
>
> Hi all,
> Can you tell me, which apache modules are needed for svn + ldap auth +
> h
Hi all,
Can you tell me, which apache modules are needed for svn + ldap auth +
https, please?
I need that instalation as light as possible.
Thank you a lot.
A.
ng mpm_winnt with LDAP authentication. We have
> been experiencing this issue 2 or 3 times a week since upgrading to
> Subversion 1.8. The issue continued for us through the following version:
>
> [...]
>
> I am reluctant to fiddle any more with these settings to affirm this
Another thread with subject "Re: Subversion 1.8 httpd.exe taking 100% CPU"
describes a 100% CPU condition that sporadically occurs in the single httpd
child process when using mpm_winnt with LDAP authentication. We have been
experiencing this issue 2 or 3 times a week since up
hi,
i was wondering, what is the best possibility to use ldap groups for
authorizing access to svn on repositories itself, as well as on directory
level. authentication is done via ssh as described in the documentation, no
need to do this via ldap.
i saw:
http://svnbook.red-bean.com/en/1.7
case can be closed by also setting "SVNAllowBulkUpdate off" but that
doesn't help the COPY or MOVE cases. So in general, there's really not a great
reason to use the off setting.
I'd like to thank you, Ben.
With short_circuit (and LDAP caching mentioned be
Why not set up a local reliable LDAP server which proxies requests from the
remote unreliable site? This could then be set up to perform the necessary
authentication if/when the remote site is unavailable.
That would minimise the configuration required within Subversion by addressing
the
Hello all,
it's my first time posting, please bear with me.
I have setup a svn repository served trough apache httpd with the
mod_dav_svn module with a double authentication scheme: LDAP first then
file.
Unfortunately the network connection to the LDAP server hosted on another
machine i
> From: "Ben Reser" Sent: Friday, October 18, 2013 1:51:56 PM
> On 10/18/13 10:01 AM, Naumenko, Roman wrote:
> > What I noticed is that svn server making a request for each svn URI or
> > operation, which neither LDAP server likes nor users that could be
>
On 10/18/13 12:46 PM, Naumenko, Roman wrote:
> But there are still checks (or maybe this is just info log) against
> access-file for each path in repository.
> Is it something expected or enabled somewhere by default?
>
> [Fri Oct 18 15:35:52 2013] [info] [client 10.11.11.18] Access granted:
> '
On 2013/10/18 1:51 PM, Ben Reser wrote:
> On 10/18/13 10:01 AM, Naumenko, Roman wrote:
>> What I noticed is that svn server making a request for each svn URI or
>> operation, which neither LDAP server likes nor users that could be
>> waiting for their turn to be authenticated
On 10/18/13 10:01 AM, Naumenko, Roman wrote:
> What I noticed is that svn server making a request for each svn URI or
> operation, which neither LDAP server likes nor users that could be
> waiting for their turn to be authenticated and see delays in svn server
> response.
>
&
Hi,
There is a simple setup for svn users authentication on the server using
LDAP.
DAV svn
SVNListParentPath on
SVNParentPath /path_to_data
SVNListParentPath on
AuthzSVNAccessFile /path_to_accessfile/accfile
AuthzLDAPAuthoritative off
On 13-09-17 11:26 AM, Tati, Aslesh : Barclaycard US wrote:
I’m trying to setup a path based authorization using different LDAP groups.
Developers should be able to see all repositories and commit to all
repos (the corresponding LDAP group is subversion_developers)
Business users should be able
I'm trying to setup a path based authorization using different LDAP groups.
Developers should be able to see all repositories and commit to all repos (the
corresponding LDAP group is subversion_developers)
Business users should be able to see all repositories but only commit to
spe
August 2013 12:21
An: users@subversion.apache.org
Betreff: svnserve: could not find auxprop plugin, was searching for 'ldap'
(1.8.1, linux, from source)
The error:
svnserve: could not find auxprop plugin, was searching for 'ldap'
is appearing in /var/log/auth.log
whenever
The error:
svnserve: could not find auxprop plugin, was searching for 'ldap'
is appearing in /var/log/auth.log
whenever I try to log in. It always fails.
Test setup: I am opening Tortoise-SVN repo-browser on a Windows client machine
with a svn:// URL pointing to my new subversion
Hi,
So I have started migrating to a new Subversion server. Our developers use
DAV and I would like to implement LDAP for authentication. My experience
with LDAP is a little limited, but there seem to be some good HowTos for
LDAP + Apache + SVN. Have you configured password policies with LDAP
ag, 26. November 2012 15:52
An: Jan Keirse
Cc: Markus Karg; users@subversion.apache.org
Betreff: Re: Path-based authorization buggy when using SASL-LDAP
Jan Keirse wrote on Mon, Nov 26, 2012 at 09:42:53 +0100:
> On Mon, Nov 26, 2012 at 9:28 AM, Markus Karg wrote:
>
> > I am using alia
Jan Keirse wrote on Mon, Nov 26, 2012 at 09:42:53 +0100:
> On Mon, Nov 26, 2012 at 9:28 AM, Markus Karg wrote:
>
> > I am using aliases (as typical with LDAP), so the cause you described
> > should not happen. Also, everything is lower case (alias names, group
> > names,
-based authorization buggy when using SASL-LDAP
On Mon, Nov 26, 2012 at 9:28 AM, Markus Karg wrote:
I am using aliases (as typical with LDAP), so the cause you described should
not happen. Also, everything is lower case (alias names, group names, etc.).
And I do not have any relation between
On Mon, Nov 26, 2012 at 9:28 AM, Markus Karg wrote:
> I am using aliases (as typical with LDAP), so the cause you described
> should not happen. Also, everything is lower case (alias names, group
> names, etc.). And I do not have any relation between the rules‘ paths and
> the faili
I am using aliases (as typical with LDAP), so the cause you described should
not happen. Also, everything is lower case (alias names, group names, etc.).
And I do not have any relation between the rules‘ paths and the failing paths,
as I said initially.
Also, I did not find a documentation
On Sat, Nov 24, 2012 at 12:12 AM, Markus Karg wrote:
> I wonder why this should produce this effect? I mean, why is it working
> with 99% of all paths, but not with some others?
Say that you are logged in as Markus (instead of markus), if some authz
rules refer to Markus and others refer to mar
17:46
To: Markus Karg
Cc: users@subversion.apache.org
Subject: Re: Path-based authorization buggy when using SASL-LDAP
Just a wild guess: does your username (in AD or as you entered it in the svn
client) have the same case as the authz file? Windows doesn't care but the
authz file
n Fri, Nov 23, 2012 at 4:50 PM, Markus Karg wrote:
> Hello Subversion Community,
>
> ** **
>
> do you know any relationship between LDAP and paths in svn?
>
> ** **
>
> I am running svnserve 1.6.12 on Debian 6.0.6 „squeeze“ and it works really
> well, but now I
Hello Subversion Community,
do you know any relationship between LDAP and paths in svn?
I am running svnserve 1.6.12 on Debian 6.0.6 "squeeze" and it works
really well, but now I wanted to switch from plain passwd file to
SASL-LDAP (ActiveDirectory) based authentication and trap
What confused me was the lack of mod_ldap.so, etc in the package. I do see it
does work though.
--
David Weintraub
da...@weintraub.name
On Oct 11, 2012, at 12:23 PM, Bob Archer wrote:
>> We recently downloaded CollabNet's Subversion server package with Apache
>> integration
On Thu, Oct 11, 2012 at 12:17 PM, David Weintraub wrote:
> We recently downloaded CollabNet's Subversion server package with
> Apache integration. Is LDAP support included in that package. It
> didn't appear to be.
It includes Apache LDAP modules if that is what you mean. Bo
> We recently downloaded CollabNet's Subversion server package with Apache
> integration. Is LDAP support included in that package. It didn't appear to be.
>
> --
> David Weintraub
> qazw...@gmail.com
If you are talking about Subversion Edge then the answer i
We recently downloaded CollabNet's Subversion server package with
Apache integration. Is LDAP support included in that package. It
didn't appear to be.
--
David Weintraub
qazw...@gmail.com
ss, and no access to anyone outside
> these 2 groups.
>
> Can you please help me with this issue
...
>
> DAV svn
> SVNParentPath /mnt/data/svn
> SVNListParentPath on
> SSLRequireSSL
> AuthzLDAPAuthoritative off
> AuthName "Protected area"
> AuthType Basic
&
> -Original Message-
> From: sdevinen [mailto:sriharsha.w...@gmail.com]
> Sent: 08 May 2012 19:50
> To: users@subversion.apache.org
> Subject: SVN+LDAP+APache Access issue.
>
>
> Hi All,
>
> I am new to SVN Administration. I am trying to setup access
DAV svn
SVNParentPath /mnt/data/svn
SVNListParentPath on
SSLRequireSSL
AuthzLDAPAuthoritative off
AuthName "Protected area"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl "ldap://ldap.x.com/ou=People,DC=x,DC=com";
Require valid-user
require ldap-group cn=svn-x,
]
> @group2 = rw
>
>
> is there any way to provide LDAP groups in this auth files instated of
> adding users it to manually
You can automate it with a script that writes your LDAP groups into
the auth file.
http://www.thoughtspark.org/node/26
Subversion itself has no knowledge of
Hi guys
i have svn auth file like following
--
[groups]
group1=user1,user2
group2=user3,user4
[svn:/svn/repo1]
@group1 = rw
[wso2:/svn/repo2]
@group2 = rw
--
is there any way to provide LDAP groups in this auth files instated of
adding
Dear SVN experts,
I would like to ask, how to setup subversion to work with sasl and LDAP
(LDAP server I am not able to reconfigure and runs on another machine)
I was tested this configuration on the MAC OS X machine where svn repositories
with conf/paswd file plain password authentication
Philipp Gühring wrote on Wed, Feb 29, 2012 at 12:31:36 +0100:
> Hi,
>
> I am having a problem with Subversion+LDAP:
> I have a repository with approximately a million files.
> The subversion client sends every file a HTTP request to the Apache server.
What kind of requests? GET
Dear Subversion experts,
I am looking to authentificate my subversion 1.6.17(r1128011) repositories
against LDAP server. Svnserve running on MAC OS 10.6(Snow Leopard) machine
LDAP authentification on the another Mac minis works well. I am not to allow
login via LDAP acounts to PC where
Hi,
I am having a problem with Subversion+LDAP:
I have a repository with approximately a million files.
The subversion client sends every file a HTTP request to the Apache server.
I am using LDAP authentication for Apache+Subversion.
mod_ldap caches some searches, but it still does one LDAP
I've not used LDAP in this way, but two things:
Owen Loy wrote on Thu, Jan 05, 2012 at 14:07:58 -0800:
> [aliases]
> svnaccess = CN=svngroup,CN=groups,DC=example,DC=com
>
I don't think you can use groups this way, since the file parser isn't
aware of the semantics of
You might try this to sync your authz file to an ldap group, it will write
in the entries for you, nice way to avoid issues with syntax perhaps?
http://www.thoughtspark.org/node/26
Never used it myself, meant to try it, but I've heard good things.
-Pat
On Thu, Jan 5, 2012 at 3:07 PM, Owe
Hi there,
I'm wondering if my desired setup is possible:
1. Using svn+ssh
2. Using pam_ldap to handle SSH access
3. Using authz-db to handle ACL (against LDAP accounts)
I'm running into a problem with #3. My current test setup is as follows:
svnserve.conf:
-
[gene
I've gotten it so that svnserve authenticates users using SASL/LDAP.
However, it appears that all users have access to commit to the repository
-- it's
time for access control.
What I would like to do is set up access control based on LDAP-defined
groups:
svn-pull: members of this gr
It is my understanding (and experience) that, when running svnserve on
Windows, SASL authentication to Active Directory cannot work, because
SASL requires saslauthd for its LDAP support and saslauthd will not
build in Windows. While this is obviously an issue for Cyrus/SASL,
noone seems to be
On Tue, Sep 6, 2011 at 11:50 AM, Daniel Shahaf wrote:
>> And in both, how do I know if someone is in one domain or the other?
>> Do they need to prefix their login with the domain?
>>
>
> Why do you need to know that?
There might be two different users with the same id in each domain.
For example
ion. Subversion uses Apache httpd.
>
> First in Subversion: We have the following setup for the "mfxdomain":
>
>
> DAV svn
> SVNParentPath /opt/cm/svn_repos
> AuthType basic
> AuthName "MFX Repository"
>
ion uses Apache httpd.
>
> First in Subversion: We have the following setup for the "mfxdomain":
>
>
> DAV svn
> SVNParentPath /opt/cm/svn_repos
> AuthType basic
> AuthName "MFX Repository"
> AuthBasicProvider l
the "mfxdomain":
DAV svn
SVNParentPath /opt/cm/svn_repos
AuthType basic
AuthName "MFX Repository"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL
"ldap://mfxdomain.mycompany.com:3268/dc=mycompany,dc=
Hey guys,
I have a big problem here.
I was planning to use this configration below in my subversion + apache
server. I use a LDAP server to authenticate, and my intention was to use
LDAP groups do stabilish authorization to some project folders. As you can
see below, I wish to make the folder
Nico Kadel-Garcia wrote:
>> $ export `gnome-keyring-daemon`
>
> Good, but ouch. Let's try adding a bit of rigor, shall we? First,
> before running such a daemon, always check that it actually exists,
> where you expect it to exist. Running random commands that will handle
> passwords which may ha
On Mon, Aug 2, 2010 at 8:22 AM, Nico Kadel-Garcia wrote:
> Good, but ouch. Let's try adding a bit of rigor, shall we? First,
> before running such a daemon, always check that it actually exists,
> where you expect it to exist. Running random commands that will handle
> passwords which may have bee
On Sun, Aug 1, 2010 at 1:37 PM, Mark Phippard wrote:
> On Sun, Aug 1, 2010 at 12:59 PM, Nico Kadel-Garcia wrote:
>>> AFAIK it's possible to run gnome-keyring without X.
>>
>> It's painful. Take a glance at
>> http://superuser.com/questions/141036/use-of-gnome-keyring-daemon-without-x,
>> which do
On Sun, Aug 01, 2010 at 12:59:08PM -0400, Nico Kadel-Garcia wrote:
> >> I've given a few specific examples. While it's gotten better and
> >> you've addressed some of my concerns, my overall concerns still stand.
> >> Cleartext password storage is a big problem, frequently ignored by
> >> deployers
On Sun, Aug 01, 2010 at 12:59:08PM -0400, Nico Kadel-Garcia wrote:
> Or as a 3rdparty add-on. anoncvs doesn't cut it: using a shell script
> as a restricted shell is begging for people to break out of the shell
> and gain command line access.
Shell script? You didn't even bother looking at the fil
1 - 100 of 164 matches
Mail list logo
