apache/subversion with ldap

To: debian-user@lists.debian.org
Subject: apache/subversion with ldap
From: hhding <hhding.gnu@gmail.com>
Date: Thu, 24 Jan 2008 18:26:29 +0800
Message-id: <[🔎] 479867D5.8010305@gmail.com>

hi, my friends

I try to verify access of svn user from apache by openldap.
I create userA and userB with schema posixAccount
and create groupA with schema posixGroups in openldap and add userA to it.
then I add line *Require group cn=groupA,dc=my* to apache's config file.
but, both userA and userB can login to subversion. why?

below is the version I use :
apache2 Version: 2.2.6-3
slapd Version: 2.3.38-1
libapache2-svn 1.4.4dfsg1-1

and attachements are complete config files

dn: dc=my
objectClass: dcObject
objectClass: organization
o: Example Company
dc: my

dn: cn=admin,dc=my
objectClass: organizationalRole
cn: admin

dn: uid=userA,dc=my
objectClass: top
objectClass: posixAccount
objectClass: account
cn: userA
uid: userA
uidNumber: 1
gidNumber: 1
homeDirectory: /home/userA
userPassword: 1

dn: uid=userB,dc=my
objectClass: top
objectClass: posixAccount
objectClass: account
cn: userB
uid: userB
uidNumber: 2
gidNumber: 2
homeDirectory: /home/userB
userPassword: 1

dn: cn=groupA,dc=my
objectClass: top
objectClass: posixGroup
cn: groupA
gidNumber: 1
memberUid: userA

<Location /svn>

  DAV svn

  SVNPath /var/lib/svn
  AuthType basic
  AuthName "SVN"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPURL ldap://localhost:389/dc=my?uid
  Require group cn=groupA,dc=my

  AuthzSVNAccessFile /etc/apache2/dav_svn.authz
</Location>

[/]
* = r

Reply to:

Follow-Ups:
- Re: apache/subversion with ldap
  - From: Martin Marcher <martin@marcher.name>

Prev by Date: Re: Getting started with Xen -- Xen enabled kernel for Lenny?
Next by Date: how to resize lvm root partition
Previous by thread: Re: dpkg crawling!
Next by thread: Re: apache/subversion with ldap
Index(es):
- Date
- Thread