Might be better to ask this on the *...@httpd.apache.org lists?

Dale Bohl wrote on Mon, Nov 15, 2010 at 07:39:59 -0600:
> Hello,
>
>     I've been banging my head on this one for 2 days now.
> I've googled this issue but it appears not many admins are using this
> and/or it could possibly be a bug in the apache module.
>
> Config
> ------
> Red Hat Enterprise Linux Server release 5.5 (Tikanga)
> Server version: Apache/2.2.3
> svn, version 1.6.12 (r955767)
> Windows 2008 R2
>
>    It appears that we cannot use Active Directory Permissions Groups
> with the s-svn server for Subversion repository authentication and
> authorization but yet AD Role groups work just fine.
>
> subversion.conf config for "puppet" repository
> ------------------------------------------------
> #================puppet repo===================================
> <Location /puppet>
>    DAV svn
>    SVNPath /repos/puppet
>    AuthPAM_Enabled on
>    AuthType Basic
>    AuthName "Subversion Authentication to AD"
>
>    # Limit R/W access to certain role groups
>    <LimitExcept GET PROPFIND OPTIONS REPORT>
> #      Require group SVN-Puppet-ReadWrite-P
>       Require group IT-InfrastructureTeam-SystemAdministrator-R
>    </LimitExcept>
>
>    # Limit R/O access to certain role group
>    <Limit GET PROPFIND OPTIONS REPORT>
> #      Require group SVN-Puppet-ReadWrite-P
>       Require group IT-InfrastructureTeam-SystemAdministrator-R
>    </Limit>
> </Location>
>
> The interesting thing is that AD Role Groups appear to work fine within
> the Location directive config above which shows the role group for which
> I'm a member.
>
> If the above config is changed to use the Permissions group shown
> commented out, authentication doesn't work and when that happens I'm
> seeing the following error in ssl_error_log.
>
> [Fri Nov 12 13:10:18 2010] [error] [client 172.16.4.7] GROUP: dpb not in required group(s).
>
> So, even though the following User > Role > Permissions > Resource
> association exists, the group with '-P' in it above won't allow dpb to
> authenticate for repo access.
>
> dpb is a member of IT-InfrastructureTeam-SystemAdministrator-R and
> IT-InfrastructureTeam-SystemAdministrator-R is a member of
> SVN-Puppet-ReadWrite-P AD group
>
> Any help would be greatly appreciated.
>
> --------
> Dale Bohl
> Sr. Systems Administrator
> Mason Companies, Inc.
> db...@masoncompaniesinc.com
> (715)-720-4382

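The User > Role > Permissions chain described in the quoted message, as an added illustration that is not part of the thread and is not mod_auth_pam's code. The group table is a constructed model of the two memberships Dale lists, and the idea that the failing check only sees direct members is an assumption the thread does not confirm.

```python
# Constructed model of the AD relationships described in the post
# (group -> direct members). Not output from a real directory.
AD_MEMBERS = {
    "IT-InfrastructureTeam-SystemAdministrator-R": {"dpb"},
    "SVN-Puppet-ReadWrite-P": {"IT-InfrastructureTeam-SystemAdministrator-R"},
}


def is_direct_member(user, group, members=AD_MEMBERS):
    """Flat check: only names listed directly on the group count."""
    return user in members.get(group, set())


def membership_path(user, group, members=AD_MEMBERS):
    """Return the chain [group, ..., user] if user is a direct or nested
    member, else None. Visited groups are tracked so circular nesting
    (group A in B, B in A) terminates instead of looping."""
    stack = [(group, [group])]
    seen = set()
    while stack:
        current, path = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        for member in sorted(members.get(current, ())):
            if member == user:
                return path + [user]
            if member in members:  # member is itself a group: descend
                stack.append((member, path + [member]))
    return None


def explain(user, required_group, members=AD_MEMBERS):
    """Classify a 'Require group' outcome as direct, nested-only or absent."""
    if is_direct_member(user, required_group, members):
        return "direct"
    path = membership_path(user, required_group, members)
    return "nested-only: " + " > ".join(reversed(path)) if path else "absent"


if __name__ == "__main__":
    for grp_name in AD_MEMBERS:
        print(grp_name, "->", explain("dpb", grp_name))
```

A "nested-only" result for a group that an access rule requires is the case to compare against what the host itself resolves for that user (for example with `id` and `getent group`).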