2010/11/17 Pazmiño Mazón, Iván Andrés <iapm270...@sri.ad>: > Hello, > > I'm trying to solve a simple problem but can't find how in the svn-book. > I need to manage my users in groups, actually teams, I need only team > members to have read/write access to a set of projects and the rest of > the organization only read access. > > My subversion authenticates users with a ldap server, so I need all users > be part of a basic group that can read every project in the versionning > repository and to group together some users and grant them write access > to a selected set of projects.
You can setup repository access via LDAP. We did this at my last job and it's not that difficult. As the late Pierre de Fermat once said, "This proof is fairly simple, and I'll leave it to the reader to solve." There is a way to group users and set directory access by these groups. So, you can have the user name determined by LDAP, the login by LDAP, and the user name by LDAP. You can also use those user names in AUTHZ authorization. What I don't know is whether you can use LDAP groups to be the definitions that AUTHZ uses for directory based read and read/write access. That would be nice. If you cannot do that, you might want to use Apache and LDAP groups to give read/write access to your repository, then use pre-commit hooks to define your groups and set commit access to particular directories based upon groups. I rather not touch the Apache httpd configuration files every time someone comes into or leaves a group. I have a Perl based pre-commit hook that allows you to define groups and set read-only, read-write, and add-only access based upon groups. You can also use the hook to check for properties on files, invalid file names, and a few other nice tricks. The hook is designed to use only the standard Perl modules which makes it easier to install. You can get that from <http://dl.dropbox.com/u/433257/new_svn_hooks.zip>. -- David Weintraub qazw...@gmail.com
