I've not used LDAP in this way, but two things:

Owen Loy wrote on Thu, Jan 05, 2012 at 14:07:58 -0800:
> [aliases]
> svnaccess = CN=svngroup,CN=groups,DC=example,DC=com
>

I don't think you can use groups this way, since the file parser isn't
aware of the semantics of LDAP.

> With this setup, SSH is no problem (file permissions are correct, LDAP
> works fine, etc...), but SVN returns Not Authorized. To debug, I tried the
> following scenarios:
>
> authz with "local" user (works):
> --------
> [/]
> user1 = rw

Define "works". Do you commit as 'svn commit --username=user1' over
svn+ssh://?

> authz with LDAP alias for specific user (does not work):
> --------
> [aliases]
> svnaccess = CN=user1,CN=users,DC=example,DC=com
>
> [/]
> &svnaccess = rw
>
> Has anyone run this sort of setup successfully, or is able to determine
> what I'm doing wrong? I'm 99% sure the DNs are correct (in that they work
> for SSH purposes, and other non-related issues), but don't seem to work
> within the authz file, even though the docs suggest it should.

Try and find what username svn looks up in the file. It might be
mentioned in the --log-file. (And if it isn't, you could create a dummy
repository with "anon-access = none", or an equivalent configuration
using authz-db and the $anonymous/$authenticated lhs tokens, to force svn
to accept any non-anonymous username.)
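
A simplified model of the name matching discussed in this thread, as an added example that is not part of the original message and not Subversion's own code. It assumes an alias expands to a literal string that is compared exactly with the authenticated username; the function names `parse_authz` and `access_for` are hypothetical, and groups, `*` and path inheritance are left out.

```python
# Simplified model of authz name matching (added example, not Subversion code).
# Assumption: an alias is a literal string compared exactly to the username.

def parse_authz(text):
    """Parse authz text into {section: [(lhs, rhs), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            lhs, rhs = line.split("=", 1)   # split once: DNs contain '='
            current.append((lhs.strip(), rhs.strip()))
    return sections

def access_for(authz_text, username, path="/"):
    """Access granted to `username` (None means anonymous) by the first matching rule."""
    sections = parse_authz(authz_text)
    aliases = dict(sections.get("aliases", []))
    for lhs, access in sections.get(path, []):
        if lhs == "$authenticated":
            matched = username is not None
        elif lhs == "$anonymous":
            matched = username is None
        elif lhs.startswith("&"):
            matched = username is not None and aliases.get(lhs[1:]) == username
        else:
            matched = lhs == username
        if matched:
            return access
    return ""

# Constructed inputs, taken from the snippets quoted in the thread.
DN = "CN=user1,CN=users,DC=example,DC=com"
LOCAL = "[/]\nuser1 = rw\n"
ALIAS = "[aliases]\nsvnaccess = " + DN + "\n\n[/]\n&svnaccess = rw\n"
DEBUG = "[/]\n$authenticated = rw\n"

if __name__ == "__main__":
    for label, authz, name in [("local rule, short name", LOCAL, "user1"),
                               ("alias rule, short name", ALIAS, "user1"),
                               ("alias rule, full DN", ALIAS, DN),
                               ("$authenticated, any name", DEBUG, "someone")]:
        print(f"{label:26} -> {access_for(authz, name)!r}")
```

Under this model the alias rule only grants access when the name the server looks up is the full DN string, which is why the logged username is the value to check.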