On Wed, Mar 31, 2010 at 2:38 PM, Stefan Sperling <s...@elego.de> wrote:
> On Wed, Mar 31, 2010 at 02:28:53PM -0700, Aaron Turner wrote:
>> On Wed, Mar 31, 2010 at 2:25 PM, Stefan Sperling <s...@elego.de> wrote:
>> > On Wed, Mar 31, 2010 at 12:40:13PM -0700, Aaron Turner wrote:
>> >> On Wed, Mar 31, 2010 at 12:23 PM, Lee Kaufman
>> >> <lee.kauf...@transmetric.com> wrote:
>> >> > I have been set the task of setting up SVN and connecting
>> >> > Authentication and Authorization to our MS Active Directory system.
>> >> > The SVN is now running on a Debian Linux server. I have successfully
>> >> > set up Authentication to authenticate users who have access to the
>> >> > SVN system based on a Security Group in our AD.
>> >> >
>> >> > The next task, where I am encountering the difficulty, is in
>> >> > Authorizing individual users to read and write to the individual
>> >> > repositories. From what I have seen, to do this I need an
>> >> > AuthzSVNAccessFile file. However I have not been able to find any
>> >> > documentation on how to accomplish this using AD groups. Below is a
>> >> > simple example.
>> >>
>> >> Last time I checked, you can't do authorization via LDAP/AD. Just
>> >> authentication. Hence the lack of documentation on the subject.
>> >
>> > Various wrapper scripts exist which generate an authz rules file
>> > from data pulled from LDAP/AD directories. I agree that it would
>> > be nice to have built-in support for this in mod_authz_svn though.
>>
>> Do you have a link to such a script? I've occasionally looked for one
>> and never found it... was planning on writing one someday, but no
>> point in reinventing the wheel.
>
> Google "svn authz ldap" says:
> http://www.thoughtspark.org/node/26
Ah, I was hoping to put path/repo information in the LDAP too. More work, but I'm going to have to basically do the same thing for our TACACS+ server.

> This patch to apache httpd also looks interesting:
> http://mail-archives.apache.org/mod_mbox/httpd-dev/200912.mbox/%3c4b22cfbe....@gmx.net%3e
> Though I didn't check what became of it.

Interesting... I might have to ping Christian to find out what happened.

-- 
Aaron Turner
http://synfin.net/ Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"
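The wrapper-script approach mentioned in the thread, as an added example that is not from the thread or from the linked script: it flattens nested AD groups into an authz `[groups]` section, drops login names that could inject authz syntax, and ends each path section with a deny-all rule. The directory entries, group names and the `project1` path rules are constructed, and keeping the path rules in a local mapping rather than in LDAP is an assumption.

```python
import re

# Constructed sample directory (DN -> attributes), shaped like LDAP search
# results. A real wrapper script would fetch these with an LDAP query.
DEV = "CN=svn-dev,OU=Groups,DC=example,DC=com"
LEADS = "CN=svn-leads,OU=Groups,DC=example,DC=com"
DIRECTORY = {
    DEV: {"member": ["CN=Alice,OU=Users,DC=example,DC=com", LEADS]},
    LEADS: {"member": ["CN=Bob,OU=Users,DC=example,DC=com",
                       "CN=Eve,OU=Users,DC=example,DC=com"]},
    "CN=Alice,OU=Users,DC=example,DC=com": {"sAMAccountName": "alice"},
    "CN=Bob,OU=Users,DC=example,DC=com": {"sAMAccountName": "bob"},
    # A name carrying authz syntax must never reach the rules file.
    "CN=Eve,OU=Users,DC=example,DC=com": {"sAMAccountName": "eve\n[/]\n* = rw"},
}
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")

def flatten_members(directory, group_dn, seen=None):
    """Return the login names in a group, following nested groups once each."""
    seen = set() if seen is None else seen
    if group_dn in seen:  # nesting loop: stop instead of recursing forever
        return set()
    seen.add(group_dn)
    users = set()
    for dn in directory.get(group_dn, {}).get("member", []):
        entry = directory.get(dn, {})
        if "member" in entry:
            users |= flatten_members(directory, dn, seen)
        elif SAFE_NAME.fullmatch(entry.get("sAMAccountName", "")):
            users.add(entry["sAMAccountName"])
    return users

def render_authz(directory, groups, rules):
    """groups: authz group name -> group DN; rules: section -> {group: access}."""
    lines = ["[groups]"]
    for name in sorted(groups):
        members = sorted(flatten_members(directory, groups[name]))
        lines.append(f"{name} = {', '.join(members)}")
    for section in sorted(rules):
        lines += ["", f"[{section}]"]
        lines += [f"@{g} = {acc}" for g, acc in sorted(rules[section].items())]
        lines.append("* =")  # anyone not granted above gets no access
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_authz(DIRECTORY, {"devs": DEV, "leads": LEADS},
                       {"project1:/": {"devs": "rw"}}))
```

Because Apache still performs the authentication, the generated names have to match the login names that Apache passes on to mod_authz_svn.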