Re: apache/subversion with ldap
hhding wrote:
> Thanks for your advice :)
> Here is the config file, I take your advice and change Require group to
> Require ldap-group, but it does not work.
>
> ::::::::::::::
> /etc/apache2/mods-enabled/dav_svn.conf
> ::::::::::::::
> <Location /svn>
>
> DAV svn
>
> SVNPath /var/lib/svn
> AuthType basic
> AuthName "SVN"
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative on
> AuthLDAPURL ldap://localhost:389/dc=my?uid
> Require ldap-group cn=groupA,dc=my
>
> AuthzSVNAccessFile /etc/apache2/dav_svn.authz
> </Location>
Looks very much like my config:
< LocationMatch "/(.*)">
AuthType Basic
AuthName "Authentication"
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthLDAPURL "ldap://backend.example.com/dc=openforce,dc=com?uid?sub
(objectClass=simplesecurityObject)"
AuthLDAPRemoteUserIsDn off
AuthzLDAPAuthoritative on
AuthBasicAuthoritative on
AuthLDAPGroupAttribute memberUID
AuthLDAPGroupAttributeIsDN off
</LocationMatch>
<LocationMatch "/maven(.*)">
Dav On
<Limit GET HEAD OPTIONS PROPFIND>
require ldap-group cn=maven,ou=accounts,ou=groups,dc=example,dc=com
</Limit>
<LimitExcept GET HEAD OPTIONS PROPFIND>
require ldap-group
cn=developement,ou=accounts,ou=groups,dc=example,dc=com
</LimitExcept>
</LocationMatch>
the ldap looks fine to me.
/martin
--
http://noneisyours.marcher.name
http://feeds.feedburner.com/NoneIsYours
You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.
Reply to: