On 17.07.2017 14:09, Ravi Roy wrote:
> Hi
>
> I've been using Apache httpd 2.2.23 with Subvesion 1..6.21 with LDAP
> on CentOS 5.11 (old setup) for years now. Recently we planned to
> upgrade to Subversion 1.9.x with Apache httpd 2.4.x, i've prepared the
> setup as per the following with LDAP support :
>
> 1) compiled and installed Apache 2.4.16 from source
> 2) compile and installed Subversion 1.9.5 from source
>
>
> I've the following snippet in my httpd config which works in old setup
> perfectly but in the new setup it does not work at all, It can not
> control the repo access:
>
> <Location /svn/MyRepo>
> DAV svn
> SVNPath /var/repos/svn/MyRepo.
> Satisfy any
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> </LimitExcept>
> Order allow,deny
> Allow from all
> AuthzLDAPAuthoritative on
> AuthType Basic
> AuthName "Please use your Username and Password:"
> AuthLDAPBindDN "CN=Ac,OU=All Users,OU=myOU,DC=mydomain,DC=com"
> AuthLDAPBindPassword mypass
> AuthLDAPURL
> "ldap://mydomain.com:3269/dc=mydomain,dc=com?sAMAccountName?sub?(objectClass=*)
> <http://mydomain.com:3268/dc=mydomain,dc=com?sAMAccountName?sub?%28objectClass=*%29>"
> AuthBasicProvider ldap
> AuthUserFile /dev/null
> AuthzSVNAccessFile /var/repos/permissions/permfile.txt
> </Location>
>
> permfile.txt
> ========
>
> [groups]
> write-perm1 = user1, user2
>
> [/]
> @write-perm1 = rw
> * =
>
>
> After removing "AuthzLDAPAuthoritative on" (which is removed in Apache
> httpd 2.4.x), it allows any ldap user to access the repo (which i do
> not want). I want permfile to control the access to repo, but i could
> not see an effective way to enable it.
> Can somebody help here please?
You should remove these lines:
Satisfy any
Order allow,deny
Allow from all
AuthUserFile /dev/null
then add
Satisfy all
I also suggest you add the HEAD method to the LimitExcept directive.
-- Brane
