apache/subversion with ldap
hi, my friends
I try to verify access of svn user from apache by openldap.
I create userA and userB with schema posixAccount
and create groupA with schema posixGroups in openldap and add userA to it.
then I add line *Require group cn=groupA,dc=my* to apache's config file.
but, both userA and userB can login to subversion. why?
below is the version I use :
apache2 Version: 2.2.6-3
slapd Version: 2.3.38-1
libapache2-svn 1.4.4dfsg1-1
and attachements are complete config files
dn: dc=my
objectClass: dcObject
objectClass: organization
o: Example Company
dc: my
dn: cn=admin,dc=my
objectClass: organizationalRole
cn: admin
dn: uid=userA,dc=my
objectClass: top
objectClass: posixAccount
objectClass: account
cn: userA
uid: userA
uidNumber: 1
gidNumber: 1
homeDirectory: /home/userA
userPassword: 1
dn: uid=userB,dc=my
objectClass: top
objectClass: posixAccount
objectClass: account
cn: userB
uid: userB
uidNumber: 2
gidNumber: 2
homeDirectory: /home/userB
userPassword: 1
dn: cn=groupA,dc=my
objectClass: top
objectClass: posixGroup
cn: groupA
gidNumber: 1
memberUid: userA
<Location /svn>
DAV svn
SVNPath /var/lib/svn
AuthType basic
AuthName "SVN"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL ldap://localhost:389/dc=my?uid
Require group cn=groupA,dc=my
AuthzSVNAccessFile /etc/apache2/dav_svn.authz
</Location>
[/]
* = r
Reply to: