Hi Friends, Any update on this? Kindly cc me while replying as I have not subscribed to the mailing list.
On Mon, Jul 7, 2014 at 4:26 PM, Ankush Grover <ankushcen...@gmail.com> wrote: > Hi, > > I am trying to setup Subversion authentication through Active Directory > authentication and authorization through Active Directory groups.Everything > is working fine but the issue I am facing is when I want to restrict access > to subdirectorys of a subversion repository. For ex: there is a repo with a > name "ankushtest" and it has a subdirectory "test", now I want some users > which are in AD group to be able to read or commit to subdirectory "test" > only. This access is working fine through SVN clients like Tortoise etc.. > but when I try to open the same on a browser, the user which has access > only to subdirectory "test" is able to see the all the directorys or files > under repo "ankushtest". How this is working is like that, if a user types > the complete url for the "test" directory like > http://svn.example.com/src/ankushtest/test"; then browser is showing the > all the files & directorys of a repo. > In the Apache logs I see the below warning whenever I click on the url > http://svn.example.com/src/ankushtest/test"; and this test directory on > the browser shows all the files & directorys whereas this directory has > only 1 file and a sub-directory in it. > > Mon Jul 07 14:21:47 2014] [warn] mod_dav_svn: nested Location > '/src/ankushtest/test' hinders access to 'test1' in SVNPath Location > '/src/ankushtest' > > > Environment: Centos 6.5 64-bit with Selinux & Iptables off, Subversion > 1.7.17-1(downloaded from the WANDisco site) & Apache version 2.2.15-30 > > > My subversion Configuration file is below > > > LoadModule dav_svn_module modules/mod_dav_svn.so > LoadModule authz_svn_module modules/mod_authz_svn.so > LDAPVerifyServerCert off > LDAPTrustedMode SSL > LDAPTrustedGlobalCert CERT_BASE64 /etc/pki/tls/cert1.pem > LDAPTrustedGlobalCert KEY_BASE64 /etc/pki/tls/key1.pem > > > <Location "/"> > AuthBasicProvider ldap > AuthType Basic > AuthzLDAPAuthoritative On > AuthName "3PG SVN Repository" > AuthLDAPURL "ldaps:// > 172.16.9.80:3269/DC=exampleC=corp?sAMAccountName?sub?(objectClass=user) > "SSL > AuthLDAPURL "ldaps:// > 172.16.9.90:3269/DC=example,DC=corp?sAMAccountName?sub?(objectClass=user) > "SSL > AuthLDAPBindDN "auth...@example.corp" > AuthLDAPBindPassword ldapsS@1234 > > </location> > > <Location "/src/ankushtest"> > Dav svn > SVNPATH /home/svn_repos/src/ankushtest > > <Limit GET PROPFIND OPTIONS REPORT> > Require ldap-group CN=svn_test_ro,OU=test,DC=example,DC=corp > Require ldap-group CN=svn_test,OU=test,DC=example,DC=corp > </Limit> > > # Write access > <LimitExcept GET PROPFIND OPTIONS REPORT> > Require ldap-group CN=svn_test,OU=test,DC=example,DC=corp > > </LimitExcept> > </Location> > > > <Location "/src/ankushtest/test"> > > Dav svn > SVNPATH /home/svn_repos/src/ankushtest > SVNReposName "ankush-2 test repo" > > <Limit GET PROPFIND OPTIONS REPORT> > Require ldap-group CN=svn_test_b_ro,OU=test,DC=example,DC=corp > Require ldap-group CN=svn_test_b_rw,OU=test,DC=example,DC=corp > Require ldap-group CN=svn_test,OU=test,DC=example,DC=corp > </Limit> > > # Write access > <LimitExcept GET PROPFIND OPTIONS REPORT> > Require ldap-group CN=svn_test_b_rw,OU=test,DC=example,DC=corp > Require ldap-group CN=svn_test,OU=test,DC=example,DC=corp > </LimitExcept> > </Location> > > > What is the best way to configure and control subfolders access via Active > Directory groups so that things works fine in the browser too... > > > Thanks & Regards > > Ankush Grover >
