subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ankush Grover <ankushcen...@gmail.com>
Subject Re: How to control access of a subversion repo subfolder via AD groups
Date Wed, 09 Jul 2014 05:49:38 GMT
Hi Friends,

Any update on this? Kindly cc me while replying as I have not subscribed to
the mailing list.


On Mon, Jul 7, 2014 at 4:26 PM, Ankush Grover <ankushcentos@gmail.com>
wrote:

> Hi,
>
> I am trying to setup Subversion authentication through Active Directory
> authentication and authorization through Active Directory groups.Everything
> is working fine but the issue I am facing is when I want to restrict access
> to subdirectorys of a subversion repository. For ex: there is a repo with a
> name "ankushtest" and it has a subdirectory "test", now I want some users
> which are in AD group to be able to read or commit to subdirectory "test"
> only. This access is working fine through SVN clients like Tortoise etc..
> but when I try to open the same on a browser, the user which has access
> only to subdirectory "test" is able to see the all the directorys or files
> under repo "ankushtest". How this is working is like that, if a user types
> the complete url for the "test" directory like
> http://svn.example.com/src/ankushtest/test" then browser is showing the
> all the files & directorys of a repo.
>  In the Apache logs I see the below warning whenever I click on the url
> http://svn.example.com/src/ankushtest/test" and this test directory on
> the browser shows all the files & directorys whereas this directory has
> only 1 file and a sub-directory in it.
>
> Mon Jul 07 14:21:47 2014] [warn] mod_dav_svn: nested Location
> '/src/ankushtest/test' hinders access to 'test1' in SVNPath Location
> '/src/ankushtest'
>
>
> Environment:  Centos 6.5 64-bit with Selinux & Iptables off, Subversion
> 1.7.17-1(downloaded from the WANDisco site) & Apache version 2.2.15-30
>
>
> My subversion Configuration file is below
>
>
> LoadModule dav_svn_module     modules/mod_dav_svn.so
> LoadModule authz_svn_module   modules/mod_authz_svn.so
> LDAPVerifyServerCert off
> LDAPTrustedMode SSL
> LDAPTrustedGlobalCert CERT_BASE64 /etc/pki/tls/cert1.pem
> LDAPTrustedGlobalCert KEY_BASE64 /etc/pki/tls/key1.pem
>
>
> <Location "/">
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative On
>  AuthName "3PG SVN Repository"
>  AuthLDAPURL "ldaps://
> 172.16.9.80:3269/DC=exampleC=corp?sAMAccountName?sub?(objectClass=user)
> "SSL
>  AuthLDAPURL "ldaps://
> 172.16.9.90:3269/DC=example,DC=corp?sAMAccountName?sub?(objectClass=user)
> "SSL
>  AuthLDAPBindDN "authsvn@example.corp"
>  AuthLDAPBindPassword ldapsS@1234
>
> </location>
>
> <Location "/src/ankushtest">
> Dav svn
> SVNPATH /home/svn_repos/src/ankushtest
>
>         <Limit GET PROPFIND OPTIONS REPORT>
>         Require ldap-group CN=svn_test_ro,OU=test,DC=example,DC=corp
>         Require ldap-group CN=svn_test,OU=test,DC=example,DC=corp
>         </Limit>
>
>         # Write access
>         <LimitExcept GET PROPFIND OPTIONS REPORT>
>         Require ldap-group CN=svn_test,OU=test,DC=example,DC=corp
>
>         </LimitExcept>
> </Location>
>
>
> <Location "/src/ankushtest/test">
>
> Dav svn
> SVNPATH /home/svn_repos/src/ankushtest
> SVNReposName "ankush-2 test repo"
>
>         <Limit GET PROPFIND OPTIONS REPORT>
>         Require ldap-group CN=svn_test_b_ro,OU=test,DC=example,DC=corp
>         Require ldap-group CN=svn_test_b_rw,OU=test,DC=example,DC=corp
>     Require ldap-group CN=svn_test,OU=test,DC=example,DC=corp
>         </Limit>
>
>         # Write access
>         <LimitExcept GET PROPFIND OPTIONS REPORT>
>         Require ldap-group CN=svn_test_b_rw,OU=test,DC=example,DC=corp
>     Require ldap-group CN=svn_test,OU=test,DC=example,DC=corp
>         </LimitExcept>
> </Location>
>
>
> What is the best way to configure and control subfolders access via Active
> Directory groups so that things works fine in the browser too...
>
>
> Thanks & Regards
>
> Ankush Grover
>

Mime
View raw message