On 13-09-17 11:26 AM, Tati, Aslesh : Barclaycard US wrote:
I’m trying to setup a path based authorization using different LDAP groups.
Developers should be able to see all repositories and commit to all
repos (the corresponding LDAP group is subversion_developers)
Business users should be able to see all repositories but only commit to
specific assigned repo (corresponding LDAP group is subversion_bususers)
There is another LDAP group which is subversion_readonly which is
intended to give read only access to all repos.
My httpd.conf looks something like this:
RedirectMatch ^(/svn)$ $1/
<Location /repos>
DAV svn
SVNParentPath "/local/data/svn/svntestrepos"
SVNReposName "CollabNet Subversion Repository"
BrowserMatch "^SVN/1.[456]" denyclient
order allow,deny
allow from all
deny from env=denyclient
SVNListParentPath On
Allow from all
AuthType Basic
AuthName "CollabNet Subversion Repository"
AuthBasicProvider ldap
AuthLDAPUrl
"ldap://xyz.com:3268/dc=abc,dc=com?sAMAccountName?sub?objectClass=*"; "NONE"
AuthLDAPBindDN "svn_user"
AuthLDAPBindPassword "password"
<LimitExcept OPTIONS GET PROPFIND REPORT>
require ldap-group CN= subversion_readonly,OU=abc Access
Groups,DC=abc,DC=com
</LimitExcept>
require ldap-group CN= subversion_developers,OU=abc Access
Groups,DC=abc,DC=com
</Location>
<Location /repos/business>
DAV svn
SVNPath "/local/data/svn/svntestrepos/business"
SVNReposName "CollabNet Business users Subversion Repository"
BrowserMatch "^SVN/1.[456]" denyclient
order allow,deny
allow from all
deny from env=denyclient
Allow from all
AuthType Basic
AuthName "CollabNet Business Users Subversion Repository"
AuthBasicProvider ldap
AuthLDAPUrl
"ldap://xyz.com:3268/dc=abc,dc=com?sAMAccountName?sub?objectClass=*"; "NONE"
AuthLDAPBindDN "svn_user"
AuthLDAPBindPassword "password"
<LimitExcept OPTIONS GET PROPFIND REPORT>
require ldap-group CN= subversion_readonly,OU=abc Access
Groups,DC=abc,DC=com
</LimitExcept>
require ldap-group CN= subversion_bususers,OU=abc Access
Groups,DC=abc,DC=com
</Location>
I’m able to access all repos except the business repo with this setting
and when I try to commit something I get an error saying “Redirect cycle
detected for URL”
Does this have something to do with the line RedirectMatch ^(/svn)$ $1/
? I’m pretty much a novice at apache configuration, so forgive my ignorance.
Any help is appreciated, Thank you.
Barclaycard
www.barclaycardus.com <http://www.barclaycardus.com>
This email and any files transmitted with it may contain confidential
and/or proprietary information. It is intended solely for the use of the
individual or entity who is the intended recipient. Unauthorized use of
this information is prohibited. If you have received this in error,
please contact the sender by replying to this message and delete this
material from any system it may be on.
RedirectMatch tells the requesting tool to try again at the new address,
which means it returns a response code and tells the client to try again
at the new address.
In your case, ^(/svn)$ $1/ says "Match ONLY /svn" and then "Redirect to
"/svn/", which probably is getting sent back into the RedirectMatch.
Http:/httpd.apache.org/docs/2.2/mod_alias.html has the relevant
information. If you want to redirect any URLS that look like
"www.example.com/svn/business" to "www.example.com/respos/business", you
would need something like the following:
RedirectMatch ^/svn/(*.) /repos/$1
Is there a reason you are doing URL redirection, though? You can
probably just set the Location directives to be /svn and /svn/business
directly and not deal with redirects or rewrites at all. If you really
are looking at doing URL modifications, you might be better served with
mod_rewrite.
Robert
