David Weintraub wrote on Tue, Sep 06, 2011 at 11:12:41 -0400: > This is really part of the same question, but it involves both our > Subversion repository and Jenkins. > > We want to use our Windows Active Directory to log into Jenkins and as > our permissioning scheme in Subversion. Subversion uses Apache httpd. > > First in Subversion: We have the following setup for the "mfxdomain": > > <Location /src> > DAV svn > SVNParentPath /opt/cm/svn_repos > AuthType basic > AuthName "MFX Repository" > AuthBasicProvider ldap > AuthzLDAPAuthoritative off > AuthLDAPURL > "ldap://mfxdomain.mycompany.com:3268/dc=mycompany,dc=com?sAMAccountName"; > NONE > AuthLDAPBindDN "CN=svnuser,OU=Users,DC=mycompany,DC=com" > AuthLDAPBindPassword "swordfish" > Require valid-user > </Location> > > This works great. Anyone in the mfxdomain is able to log in. However, > many of our users are actually in the effdomain, so we need to verify > a user is either in one of the two domains. How do I set this up? Do I > need a new <location>, or do I double the AuthLDAP lines? >
AIUI httpd 2.3.x is required in order to be able to say 'Either <this> LDAP group or <that> LDAP group' in authz settings. (We ran into this at ASF infra). With 2.2 you might have to use separate <Location>s. > And in both, how do I know if someone is in one domain or the other? > Do they need to prefix their login with the domain? > Why do you need to know that? > -- > David Weintraub > qazw...@gmail.com
