Patricia A Moss <pmo...@csc.com> wrote on 11/09/2010 09:41:42 AM:

> From: Patricia A Moss <pmo...@csc.com>
> To: kmra...@rockwellcollins.com
> Cc: users@subversion.apache.org
> Date: 11/09/2010 09:41 AM
> Subject: Re: locking down access to a repository
>
> >I don't think you want the "Require valid-user" line, since by default it uses
> >ANY of the Require lines as matches. (And in your case valid-user matches all
> >users so it doesn't care you are also specifying a group and a user.)
>
> But if I remove that line then no one can access the repository.

I think you also may need to be less specific with your ldapurl (remove the objectclass or use * ??):

(Assuming Active Directory, this is like what I have used in the past)

AuthLDAPURL "ldap://ad.example.com/ou=group,dc=example,dc=com?sAMAccountName"
AuthLDAPGroupAttribute member
Require ldap-group ...

It has been quite a while since I used ldap groups instead of authz files...

This first Google hit has some examples:
http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication

As does this one:
http://ramblings.gibberishcode.net/archives/apache-22-and-active-directory-and-group-restrictions/36

Kevin R.
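
The Require behaviour discussed in this thread, shown as an added configuration sketch that is not part of either poster's message: Require lines in one block are alternatives, so a valid-user line admits every account that authenticates. An Active Directory backend is assumed as in the reply; the location paths, repository path, bind account, group DN and user name are constructed placeholders.

```apache
# Constructed example for Apache 2.2-style mod_authnz_ldap with mod_dav_svn.
# Every DN, path and account below is a placeholder, not a value from the thread.

# BEFORE: access is not restricted to the group.
# Any one Require line is enough, and valid-user matches every
# account that binds successfully, so the ldap-group line is never decisive.
<Location /svn/before>
    DAV svn
    SVNPath /srv/svn/repo
    AuthType Basic
    AuthName "Subversion"
    AuthBasicProvider ldap
    # Search base must contain the user entries; no objectclass filter given.
    AuthLDAPURL "ldap://ad.example.com/dc=example,dc=com?sAMAccountName?sub"
    AuthLDAPBindDN "svc-svn@example.com"
    AuthLDAPBindPassword "CHANGE-ME"
    Require valid-user
    Require ldap-group CN=svn-users,OU=group,DC=example,DC=com
</Location>

# AFTER: only the named group or the named user is admitted.
# The two remaining Require lines are still alternatives (group OR user).
<Location /svn/after>
    DAV svn
    SVNPath /srv/svn/repo
    AuthType Basic
    AuthName "Subversion"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ad.example.com/dc=example,dc=com?sAMAccountName?sub"
    AuthLDAPBindDN "svc-svn@example.com"
    AuthLDAPBindPassword "CHANGE-ME"
    # AD groups list members by full DN in the "member" attribute.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    # Group DN is written without quotes.
    Require ldap-group CN=svn-users,OU=group,DC=example,DC=com
    Require ldap-user alice
</Location>
```

If nobody can log in once valid-user is removed, the group or user line is not matching; setting the server-level LogLevel to debug makes mod_authnz_ldap log the comparison it attempts.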