On Tue, Jan 26, 2010 at 3:12 PM, Anja Gawlik <anja.gaw...@cib.de> wrote: > Hello everybody, > > I have subversion running with ldap auth against our active directory. The > normal setup with a require ldap-group worked fine. Now I shall add one > read-only user for nightly builds and it just won't work. Here is my config: > > *************************************************************** > <Location /test> > > DAV svn > SVNPath /svn-repositories/test > #authentication defaults for our repositories > AddDefaultCharset UTF-8 > AuthBasicProvider ldap > AuthType Basic > AuthzLDAPAuthoritative on > AuthName "Subversion " > AuthLDAPURL "ldap://domain.us.com/ou=Users,DC=US,DC=COM?sAMAccountName?sub"; > AuthLDAPBindDN CN=apache,CN=Users,DC=US,DC=COM > AuthLDAPBindPassword somepw > AuthLDAPGroupAttribute member > > > #<Limit GET PROPFIND OPTIONS REPORT> > require valid user > #</Limit> > > <LimitExcept GET PROPFIND OPTIONS REPORT> > require ldap-group CN=intern,CN=Users,DC=US,DC=COM > </LimitExcept> > > > </Location> > **************************************************************** > > For the last 2 days have tried all combinations of Limit and > LimitExcept and require ldap-attribute sAMAccountname=nightlyuser > and all the like, but it just won't work. > > Nightlyuser shall be read-only, all the other ldap-users (who are > in group intern, where nightlyuser is not a member) shall have full > access. > Can somebody help me with this?
That should be "valid-user", and not "valid user". See http://httpd.apache.org/docs/2.2/mod/core.html#require. Also, I hope that "nightlyuser" is a user in the LDAP, somewhere under ou=Users,DC=US,DC=COM ? If you still can't get it to work, I suggest you first try to connect with a regular browser (just surfing to $REPO_URL), and try to authenticate with "nightlyuser" and its password. Just to eliminate your nightly build system from the equation ... HTH Regards, Johan
