You might try this to sync your authz file to an LDAP group; it will write in the entries for you. Nice way to avoid issues with syntax, perhaps?
http://www.thoughtspark.org/node/26

Never used it myself, meant to try it, but I've heard good things.

-Pat

On Thu, Jan 5, 2012 at 3:07 PM, Owen Loy <owen....@gmail.com> wrote:
> Hi there,
>
> I'm wondering if my desired setup is possible:
>
> 1. Using svn+ssh
> 2. Using pam_ldap to handle SSH access
> 3. Using authz-db to handle ACL (against LDAP accounts)
>
> I'm running into a problem with #3. My current test setup is as follows:
>
> svnserve.conf:
> ---------------------
> [general]
> authz-db = authz
> ...
>
> authz:
> ---------
> [aliases]
> svnaccess = CN=svngroup,CN=groups,DC=example,DC=com
>
> [/]
> &svnaccess = rw
>
> With this setup, SSH is no problem (file permissions are correct, LDAP
> works fine, etc...), but SVN returns Not Authorized. To debug, I tried the
> following scenarios:
>
> authz with "local" user (works):
> --------
> [/]
> user1 = rw
>
>
> authz with LDAP alias for specific user (does not work):
> --------
> [aliases]
> svnaccess = CN=user1,CN=users,DC=example,DC=com
>
> [/]
> &svnaccess = rw
>
> Has anyone run this sort of setup successfully, or is able to determine
> what I'm doing wrong? I'm 99% sure the DNs are correct (in that they work
> for SSH purposes, and other non-related issues), but don't seem to work
> within the authz file, even though the docs suggest it should.
>
> Thanks!
>
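
A sketch of what an LDAP-to-authz sync like the one suggested in the reply has to produce, added here as an example (it is not code from the thread or from the linked tool): it resolves a group's member DNs to login names and writes an authz `[groups]` section that a rule such as `@svngroup = rw` can reference. The sample LDIF, the use of `uid` as the svn+ssh login name, the naive comma-split DN normalisation and all function names are assumptions.

```python
import re
# Constructed sample LDIF export (not from the original thread).
SAMPLE_LDIF = """\
dn: CN=svngroup,CN=groups,DC=example,DC=com
cn: svngroup
member: CN=user1,CN=users,DC=example,DC=com
member: cn=User2,cn=users,dc=example,dc=com
member: CN=ghost,CN=users,DC=example,DC=com

dn: CN=user1,CN=users,DC=example,DC=com
uid: user1

dn: CN=user2,CN=users,DC=example,DC=com
uid: user2
"""

SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")  # excludes authz metacharacters

def norm_dn(dn):
    """Case-insensitive DN key; assumes no escaped commas inside RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF (no line folding or base64) into dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def render_groups(ldif_text):
    """Return ([groups] section text, member DNs that were skipped)."""
    entries = parse_ldif(ldif_text)
    uid_by_dn = {norm_dn(e["dn"][0]): e["uid"][0] for e in entries if "uid" in e}
    lines, skipped = ["[groups]"], []
    for e in [e for e in entries if "member" in e]:
        names = []
        for dn in e["member"]:
            uid = uid_by_dn.get(norm_dn(dn))
            if uid and SAFE_NAME.fullmatch(uid):
                names.append(uid)
            else:
                skipped.append(dn)  # unresolved or unsafe: never granted access
        lines.append(f"{e['cn'][0]} = {', '.join(sorted(names))}")
    return "\n".join(lines) + "\n", skipped
```

Members that do not resolve to a safe login name are reported rather than written, so a stale or malformed directory entry cannot end up as an authz line.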