subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: Setting up Jenkins and Subversion for multiple LDAP domains.
Date Tue, 06 Sep 2011 15:50:02 GMT
David Weintraub wrote on Tue, Sep 06, 2011 at 11:12:41 -0400:
> This is really part of the same question, but it involves both our
> Subversion repository and Jenkins.
> 
> We want to use our Windows Active Directory to log into Jenkins and as
> our permissioning scheme in Subversion. Subversion uses Apache httpd.
> 
> First in Subversion: We have the following setup for the "mfxdomain":
> 
> <Location /src>
>         DAV svn
>         SVNParentPath /opt/cm/svn_repos
>         AuthType basic
>         AuthName "MFX Repository"
>         AuthBasicProvider ldap
>         AuthzLDAPAuthoritative off
>         AuthLDAPURL
> "ldap://mfxdomain.mycompany.com:3268/dc=mycompany,dc=com?sAMAccountName"
> NONE
>         AuthLDAPBindDN "CN=svnuser,OU=Users,DC=mycompany,DC=com"
>         AuthLDAPBindPassword "swordfish"
>         Require valid-user
> </Location>
> 
> This works great. Anyone in the mfxdomain is able to log in. However,
> many of our users are actually in the effdomain, so we need to verify
> a user is either in one of the two domains. How do I set this up? Do I
> need a new <location>, or do I double the AuthLDAP lines?
> 

AIUI httpd 2.3.x is required in order to be able to say 'Either <this>
LDAP group or <that> LDAP group' in authz settings.  (We ran into this
at ASF infra).  With 2.2 you might have to use separate <Location>s.

> And in both, how do I know if someone is in one domain or the other?
> Do they need to prefix their login with the domain?
> 

Why do you need to know that?

> -- 
> David Weintraub
> qazwart@gmail.com

Mime
View raw message