Hello again,
I thought I'd provide an update in case it might spark an idea in someone.
I've managed to get the old repo locations to behave the same as the new
parent path one, in that it just 403s when the userRO tries to GET the root
of the repository he does have some subfolder access. Not id
Hello all,
I'm attempting to move a set of repositories over to using SVNParentPath
for some much needed organization. Currently with our setup, we've got a
separate , each with it's own SVNPath, basic auth, and
AuthzSVNAccessFile, and everything works like I'd expect. However, moving
to a single
David Aldrich wrote on Tue, 20 Aug 2019 12:29 +00:00:
> Does svn path based authorization support nested groups?
>
> group_a = fred,jim
> group_b = jane,@group_a
>
> Best regards
> David
[[[
% cat authz
[groups]
group_a = fred,jim
group_b = jane,@group_a
[/]
* =
@g
Does svn path based authorization support nested groups?
group_a = fred,jim
group_b = jane,@group_a
Best regards
David
gt; Get-ADPrincipalGroupMembership -Identity USER | Format-Table -Property
> SID -AutoSize
> Cycle throug the results and run svnauthz with each resulting line. This
> should in principle give me some hint about the privilege
> But I don't know if VisualSVN grants widest privil
Čibej [mailto:br...@apache.org]
> Sent: Dienstag, 11. Dezember 2018 20:54
> To: Stuempfig, Thomas (DF PL S&SE DE PSM EAI) ;
> users@subversion.apache.org
> Subject: Re: Check Path based authorization
>
> On 11.12.2018 18:40, Stuempfig, Thomas wrote:
>> Hi Brane,
>> wel
>
> -Original Message-
> From: [ext] Stuempfig, Thomas [mailto:thomas.stuemp...@siemens.com]
> Sent: Dienstag, 11. Dezember 2018 17:22
> To: Branko Čibej ; users@subversion.apache.org
> Subject: RE: Check Path based authorization
>
> Hi Brane,
> thank you for the quick
On Wed, Dec 12, 2018 at 9:28 AM Stuempfig, Thomas
wrote:
>
> Hi Brane,
>
> sorry i cannot post the contents of VisualSVN-WinAuthz.ini file since it is
> company security related.
> I will take some time to setup a separate Demo LDAP, but this will take some
> time.
>
> But basically my observati
018 20:54
To: Stuempfig, Thomas (DF PL S&SE DE PSM EAI) ;
users@subversion.apache.org
Subject: Re: Check Path based authorization
On 11.12.2018 18:40, Stuempfig, Thomas wrote:
> Hi Brane,
> well after testing the tool does not actually do what i would like. But it is
> giving me a s
On 11.12.2018 18:40, Stuempfig, Thomas wrote:
> Hi Brane,
> well after testing the tool does not actually do what i would like. But it is
> giving me a starting point / work around.
> I tested the tool with Visualsvn Server on windows
>
>
> Steps to reproduce
> 1) configure basic windows authentic
To: Branko Čibej ; users@subversion.apache.org
Subject: RE: Check Path based authorization
Hi Brane,
thank you for the quick response. This is probably what I would seek for. I'll
test it and will come back with my findings.
Best regards
Thomas
-Original Message-
From: Branko Čibej [mailto:br
users@subversion.apache.org
Subject: Re: Check Path based authorization
On 11.12.2018 10:24, Stuempfig, Thomas wrote:
> Hi all,
> We have a large organization many projects and quite a bit of history
> (10years) with one of the repos… and after a while path based authorization
> becomes quite difficult.
On 11.12.2018 10:24, Stuempfig, Thomas wrote:
> Hi all,
> We have a large organization many projects and quite a bit of history
> (10years) with one of the repos… and after a while path based authorization
> becomes quite difficult.
> I would like to ask if it is possible as an
Hi all,
We have a large organization many projects and quite a bit of history (10years)
with one of the repos… and after a while path based authorization becomes quite
difficult.
I would like to ask if it is possible as an admin to check path based
authorization for a user x (ldap).
It would
Volker Cordes wrote on Fri, Jan 13, 2017 at 18:47:17 +0100:
> Am 13.01.2017 um 15:47 schrieb Daniel Shahaf:
> > Volker Cordes wrote on Fri, Jan 13, 2017 at 10:51:19 +0100:
> >> Hello,
> >>
> >> I have set up path based authorization on a repository. If I ch
Am 13.01.2017 um 15:47 schrieb Daniel Shahaf:
> Volker Cordes wrote on Fri, Jan 13, 2017 at 10:51:19 +0100:
>> Hello,
>>
>> I have set up path based authorization on a repository. If I check out
>> the project, everything works as expected. My problem however is, that
&g
Volker Cordes wrote on Fri, Jan 13, 2017 at 10:51:19 +0100:
> Hello,
>
> I have set up path based authorization on a repository. If I check out
> the project, everything works as expected. My problem however is, that
> if I change permissions of a file / path and then update the
Hello,
I have set up path based authorization on a repository. If I check out
the project, everything works as expected. My problem however is, that
if I change permissions of a file / path and then update the working
copy the files I should have no longer access to are still there. Is
there a
> > Thanks for your answer. So, to be absolutely clear, fred's access is 'rw'?
>
> Yes.
Thanks again,
David
On 28.07.2015 11:23, David Aldrich wrote:
>>> groupA = fred
>>> groupB = fred, jane
>>>
>>> [myRepo:/]
>>> @groupA = rw
>>> @groupB = r
>>>
>>> Is fred's access to myRepo:/ 'rw' or 'r'?
>> The user always gets the union of all rights given her by a rule; in other
>> words, the maximum access right
> > groupA = fred
> > groupB = fred, jane
> >
> > [myRepo:/]
> > @groupA = rw
> > @groupB = r
> >
> > Is fred's access to myRepo:/ 'rw' or 'r'?
>
> The user always gets the union of all rights given her by a rule; in other
> words, the maximum access rights defined in any entry in a rule.
Thanks
On 28.07.2015 10:11, David Aldrich wrote:
> Hi
>
> Path-Based Authorization is described here:
>
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html
>
> Having read that description, it is not clear to me what happens in this
> situation:
&g
Hi
Path-Based Authorization is described here:
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html
Having read that description, it is not clear to me what happens in this
situation:
groupA = fred
groupB = fred, jane
[myRepo:/]
@groupA = rw
@groupB = r
Is fred&#
On 2015-Apr-13, Bert Huijben wrote with possible deletions:
> >
> > Current access file contains:
> >
> > [groups]
> > proj_staff = [...]
> > proj_other = [...]
> >
> > [proj:/]
> > @proj_staff = rw
> > @proj_other = r
> >
> > [proj:/pub]
> > * = r
> > @proj_
> -Original Message-
> From: all-li...@stefan-klinger.de [mailto:all-li...@stefan-klinger.de]
> Sent: zondag 12 april 2015 12:47
> To: users@subversion.apache.org
> Subject: Path-based authorization ignores most specific path
>
> Hello!
>
> --Summary--
&g
Hello!
--Summary--
Path-based authorization seems to not work as documented
currently: The most specific path is *not* used.
Version: server=1.6.17, client=1.8.8 or 1.8.13
Might be a reincarnation of (closed?) Issue 3242:
http://svn.haxx.se/users/archive-2010-01/0124.shtml
http
On 13-09-17 11:26 AM, Tati, Aslesh : Barclaycard US wrote:
I’m trying to setup a path based authorization using different LDAP groups.
Developers should be able to see all repositories and commit to all
repos (the corresponding LDAP group is subversion_developers)
Business users should be able
I'm trying to setup a path based authorization using different LDAP groups.
Developers should be able to see all repositories and commit to all repos (the
corresponding LDAP group is subversion_developers)
Business users should be able to see all repositories but only commit to
spe
ag, 26. November 2012 15:52
An: Jan Keirse
Cc: Markus Karg; users@subversion.apache.org
Betreff: Re: Path-based authorization buggy when using SASL-LDAP
Jan Keirse wrote on Mon, Nov 26, 2012 at 09:42:53 +0100:
> On Mon, Nov 26, 2012 at 9:28 AM, Markus Karg wrote:
>
> > I am using alia
Jan Keirse wrote on Mon, Nov 26, 2012 at 09:42:53 +0100:
> On Mon, Nov 26, 2012 at 9:28 AM, Markus Karg wrote:
>
> > I am using aliases (as typical with LDAP), so the cause you described
> > should not happen. Also, everything is lower case (alias names, group
> > names, etc.). And I do not have
-based authorization buggy when using SASL-LDAP
On Mon, Nov 26, 2012 at 9:28 AM, Markus Karg wrote:
I am using aliases (as typical with LDAP), so the cause you described should
not happen. Also, everything is lower case (alias names, group names, etc.).
And I do not have any relation between
On Mon, Nov 26, 2012 at 9:28 AM, Markus Karg wrote:
> I am using aliases (as typical with LDAP), so the cause you described
> should not happen. Also, everything is lower case (alias names, group
> names, etc.). And I do not have any relation between the rules‘ paths and
> the failing paths, as I
on „force-username-case“. Can you point me
to a description on the web? J
Von: Jan Keirse [mailto:jan.kei...@tvh.com]
Gesendet: Montag, 26. November 2012 09:15
An: Markus Karg
Cc: users@subversion.apache.org
Betreff: Re: Path-based authorization buggy when using SASL-LDAP
On Sat, Nov 24
On Sat, Nov 24, 2012 at 12:12 AM, Markus Karg wrote:
> I wonder why this should produce this effect? I mean, why is it working
> with 99% of all paths, but not with some others?
Say that you are logged in as Markus (instead of markus), if some authz
rules refer to Markus and others refer to mar
17:46
To: Markus Karg
Cc: users@subversion.apache.org
Subject: Re: Path-based authorization buggy when using SASL-LDAP
Just a wild guess: does your username (in AD or as you entered it in the svn
client) have the same case as the authz file? Windows doesn't care but the
authz file
Just a wild guess: does your username (in AD or as you entered it in the
svn client) have the same case as the authz file? Windows doesn't care but
the authz file does.
My apache configuration has this setting to accomodate for this:
AuthzForceUsernameCase lower
I _think_ svnserve can do the same
Hello Subversion Community,
do you know any relationship between LDAP and paths in svn?
I am running svnserve 1.6.12 on Debian 6.0.6 "squeeze" and it works
really well, but now I wanted to switch from plain passwd file to
SASL-LDAP (ActiveDirectory) based authentication and trapped into a
r
On Tue, Oct 2, 2012 at 8:35 AM, Stefan Sperling wrote:
> On Tue, Oct 02, 2012 at 08:01:30AM -0400, Nico Kadel-Garcia wrote:
>> There are also some approaches that can help rigorously manage such
>> configurations. I long for some Subversion developer to write
>> something like the "gitosis" tool,
On Tue, Oct 02, 2012 at 08:01:30AM -0400, Nico Kadel-Garcia wrote:
> There are also some approaches that can help rigorously manage such
> configurations. I long for some Subversion developer to write
> something like the "gitosis" tool, which manages SSH keys for git's
> SSH based access, and whic
On Tue, Oct 2, 2012 at 7:48 AM, Stefan Sperling wrote:
> On Tue, Oct 02, 2012 at 10:57:30AM +0200, david fasani wrote:
>> Hi All,
>>
>> I have a active write-through proxying between a master SVN and 2
>> slaves. I'm looking is there a way to synchronise the path-b
On Tue, Oct 02, 2012 at 10:57:30AM +0200, david fasani wrote:
> Hi All,
>
> I have a active write-through proxying between a master SVN and 2
> slaves. I'm looking is there a way to synchronise the path-based
> authorization, users and groups configuration.
> I searched a
Hi All,
I have a active write-through proxying between a master SVN and 2
slaves. I'm looking is there a way to synchronise the path-based
authorization, users and groups configuration.
I searched a lot on web and found no links telling about how to set it up.
I wonder if anyone would
Am Mittwoch, den 11.01.2012, 15:00 + schrieb Schroeder, Hartmut:
> Hello All!
>
> We use Subversion 1.6.16 on MS Windows Server 2008.
>
> We have a set of 22 repositories and use path based authorization for
> restricting user access. Apache is configured to accept user
Hello All!
We use Subversion 1.6.16 on MS Windows Server 2008.
We have a set of 22 repositories and use path based authorization for
restricting user access. Apache is configured to accept user information via
LDAP (MS Active Directory) and also local defined user.
For some repositories shall
Hi,
yep indeed this was the first thing I tried. Thanks for all the replies.
simply using [myrepo:/foo bar] works.
The error was an unnecessary space in the declaration of the user
group @G_special_group
So a simple typo.
Thank you all again.
Necati
On Wed, Feb 23, 2011 at 6:03 PM, Daniel S
On Wed, Feb 23, 2011 at 5:20 AM, Necati Mercan
wrote:
> Hi,
>
> I'm using svn-version 1.4.6, apache version 2.2.8 on an ubuntu 8.04 LTS.
> On the client side, mostly win xp with tortoisesvn.
>
> The setup is using https and path-based-authorization and everything was
>
On Feb 23, 2011, at 07:12, Necati Mercan wrote:
> I'm using svn-version 1.4.6, apache version 2.2.8 on an ubuntu 8.04 LTS.
Please upgrade; 1.4.x and earlier are not supported anymore.
Necati Mercan wrote on Wed, Feb 23, 2011 at 14:12:19 +0100:
> How do I specify a folder with whitespaces in its name? Tried single
> quotes, double quotes, %20 but to be honest it is irritating.
Have you tested just
[/foo bar]
?
Hi,
I'm using svn-version 1.4.6, apache version 2.2.8 on an ubuntu 8.04 LTS.
On the client side, mostly win xp with tortoisesvn.
The setup is using https and path-based-authorization and everything was
working fine.
Users are separated into different groups, not everyone has access
every
Hi,
if this is an accidental double post, my apologizes.
I'm using svn-version 1.4.6, apache version 2.2.8 on an ubuntu 8.04 LTS.
On the client side, mostly win xp with tortoisesvn.
The setup is using https and path-based-authorization and everything
was working fine.
Users are separated
Hi,
Robert Johnson wrote:
> I'm not sure this is a bug or the documentation is wrong,
> or I'm misunderstanding the concept.
>
> In the SVN doc:
> > Section 6.5 Path-Based Authorization
> > [paint:/projects/paint]
> > jane = r
> > @paint-developers =
> -Original Message-
> From: Johnson, Robert [mailto:r.john...@cgi.com]
> Sent: 25 October 2010 23:59
> To: users@subversion.apache.org
> Subject: Path based authorization
>
> I'm not sure this is a bug or the documentation is wrong, or
> I'm misunderst
6.13 (uses 1.6.12 libs
at runtime)
In the SVN doc:
Section 6.5 Path-Based Authorization
[paint:/projects/paint]
jane = r
@paint-developers = rw
Another important fact is that the first matching rule is the one which
gets applied to a user. In the prior example,
even though Jane is a mem
On Wed, Jul 28, 2010 at 7:59 PM, Luiz Guilherme Kimel wrote:
> Hello there,
>
>
>
> I’m implementing a subversion repository that keeps project management
> artefacts. In other words, we are using SVN for document management. And
> everything was going right until we find that managers need to kee
Hello there,
I'm implementing a subversion repository that keeps project management
artefacts. In other words, we are using SVN for document management. And
everything was going right until we find that managers need to keep status
of allocated human resources salaries and this can't be accesse
On Wed, Jun 16, 2010 at 10:35 PM, Chris Marks wrote:
> Hi,
> We have multiple SVN repositories configured using Apache with SVNParentPath
> and path-based authorization. We also have a build server user that I'd
> like to allow it to create tags for projects regardless of the
Hi,
We have multiple SVN repositories configured using Apache with SVNParentPath
and path-based authorization. We also have a build server user that I'd
like to allow it to create tags for projects regardless of the repository
and project.
We have a standard structure in the repository th
Jon Foster wrote:
Hi,
Didier Trosset wrote:
I have a subversion server running with apache. It authenticates
users using LDAP configuration and uses SVN path-based
authorizations to limit user access to certain repositories.
This works perfectly.
Now, I have a service I want to setup (rietveld
Hi,
Didier Trosset wrote:
> I have a subversion server running with apache. It authenticates
> users using LDAP configuration and uses SVN path-based
> authorizations to limit user access to certain repositories.
> This works perfectly.
>
> Now, I have a service I want to setup (rietveld, for code
On Thu, Apr 29, 2010 at 11:53 AM, vishwajeet singh wrote:
>
>
> On Thu, Apr 29, 2010 at 3:09 PM, Didier Trosset
> wrote:
>>
>> I have a subversion server running with apache. It authenticates users
>> using LDAP configuration and uses SVN path-based authorizations to limit
>> user access to cert
On Thu, Apr 29, 2010 at 3:09 PM, Didier Trosset
wrote:
> I have a subversion server running with apache. It authenticates users
> using LDAP configuration and uses SVN path-based authorizations to limit
> user access to certain repositories. This works perfectly.
>
> Now, I have a service I want
I have a subversion server running with apache. It authenticates users
using LDAP configuration and uses SVN path-based authorizations to limit
user access to certain repositories. This works perfectly.
Now, I have a service I want to setup (rietveld, for code reviews) that
needs to have an a
Just as a FYI: the issue Rob is referring to is the (in)famous issue
3242 - "Subversion demands unnecessary access to parent directories of
operations"
See http://subversion.tigris.org/issues/show_bug.cgi?id=3242
It's a long standing issue, but if I understood correctly a fix is in
progress ...
On Jan 9, 2010, at 12:58 PM, Rob van Oostrum wrote:
> I see now. The path "/project/!svn" makes no sense. It doesn't exist in the
> repository, so that rule doesn't do anything. The !svn is a SVN-internal
> concept. To assign permissions to /project, you need to have to specify:
>
> [/project]
I see now. The path "/project/!svn" makes no sense. It doesn't exist in the
repository, so that rule doesn't do anything. The !svn is a SVN-internal
concept. To assign permissions to /project, you need to have to specify:
[/project]
* = r
Do a search on the old list archives on tigris for some ba
Thanks, but that is incorrect. I have no problem downloading sources with a
single rule of "[/project] *=r", nor do I have a problem correctly resolving
group memberships that a user has assigned to them. As well, I have tested
that a user who is not logged in cannot access the repository.
Ar
Your problem is with Crowd, not authz. Authentication is failing: "Could not
authenticate to server: rejected Basic challenge (https://dev.host.net)"
Check your Crowd configuration/documentation. I'd suggest taking SVN out of
the equation and verifying that your integration with Crowd is working
f
Hello all,
I've been wrestling with getting authz setup in a way that must be somewhat
unconventional all week and was hoping someone here on the list might be able
to offer some insight. The environment is Apache httpd 2.2.3, mod_dav_svn
1.6.6, and Subversion 1.6.6. My configs follow.
So fa
68 matches
Mail list logo
