On 04.08.2017 18:39, Kedar Sirshikar (ksirshik) wrote:
>
> Hi team,
>
> I need some help on integration of SVN, Apache and LDAP.
>
> Currently we are using ‘/var/www/svn/users-access-file’ to store SVN
> admin users.
>
> The problem with this approach is that if new admin users are added in
> LDAP then we have to change the above file as well (for adding new users).
>
> Also, storing user names in ‘/var/www/svn/users-access-file’ is always
> discouraged as it may violate security.
>
> So, is there any way I can avoid using
> ‘/var/www/svn/users-access-file’ and achieve read/write access to SVN
> based on groups of LDAP users?
>
> I am also investigating, but as I am new to this area, your help may
> improve my investigation.
>

Yes, this is easily done; here's an example of the access part of the
httpd config file (for httpd 2.4.x):

    <RequireAll>
        Require valid-user
        <Limit HEAD GET OPTIONS PROPFIND REPORT>
            <RequireAny>
                # Read access
                Require ldap-group cn=svn.admin,ou=group,dc=example,dc=com
                Require ldap-group cn=svn.readonly,ou=group,dc=example,dc=com
            </RequireAny>
        </Limit>
        <LimitExcept HEAD GET OPTIONS PROPFIND REPORT>
            <RequireAny>
                # Write access
                Require ldap-group cn=svn.admin,ou=group,dc=example,dc=com
            </RequireAny>
        </LimitExcept>
    </RequireAll>

-- Brane
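
Added example, not part of the original reply: the access rules above only take effect once the enclosing block authenticates users against LDAP, so this sketch shows a full Location with the mod_authnz_ldap directives around them. The URL path, LDAP host, base DN, bind account, password helper and repository path are placeholders assumed for illustration.

```apache
# Added example (not from the thread). Requires mod_dav_svn, mod_ldap and
# mod_authnz_ldap. All hostnames, DNs and paths below are placeholders.
# Serve this from a TLS virtual host: Basic auth sends the password on
# every request.
<Location /svn>
    DAV svn
    SVNParentPath /var/www/svn

    AuthType Basic
    AuthName "Subversion"
    AuthBasicProvider ldap

    # ldaps:// keeps the bind and the group lookups encrypted in transit.
    AuthLDAPURL "ldaps://ldap.example.com:636/ou=people,dc=example,dc=com?uid?sub?(objectClass=person)"

    # Dedicated read-only service account used to search for the user entry.
    AuthLDAPBindDN "cn=svn-bind,ou=service,dc=example,dc=com"
    # exec: reads the password from a helper's stdout (httpd 2.4.5 and later),
    # keeping the secret out of the config file.
    AuthLDAPBindPassword "exec:/usr/local/sbin/svn-ldap-bindpw"

    # Groups list their members by full DN in the "member" attribute.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on

    <RequireAll>
        Require valid-user
        <Limit HEAD GET OPTIONS PROPFIND REPORT>
            <RequireAny>
                # Read access
                Require ldap-group cn=svn.admin,ou=group,dc=example,dc=com
                Require ldap-group cn=svn.readonly,ou=group,dc=example,dc=com
            </RequireAny>
        </Limit>
        <LimitExcept HEAD GET OPTIONS PROPFIND REPORT>
            <RequireAny>
                # Write access
                Require ldap-group cn=svn.admin,ou=group,dc=example,dc=com
            </RequireAny>
        </LimitExcept>
    </RequireAll>
</Location>
```

With this in place, group membership changes made in LDAP apply on the next request (subject to mod_ldap caching) without editing any file on the SVN server.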