subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko ─îibej <br...@apache.org>
Subject Re: Apache httpd 2.4 + Subversion 1.9.5 + LDAP combination does not work on CentOS 7.x
Date Mon, 17 Jul 2017 12:22:13 GMT
On 17.07.2017 14:09, Ravi Roy wrote:
> Hi
>
> I've been using Apache httpd 2.2.23 with Subvesion 1..6.21 with LDAP
> on CentOS 5.11 (old setup) for years now. Recently we planned to
> upgrade to Subversion 1.9.x with Apache httpd 2.4.x, i've prepared the
> setup as per the following with LDAP support :
>
> 1) compiled and installed Apache 2.4.16 from source
> 2) compile and installed Subversion 1.9.5 from source
>
>
> I've the following snippet in my httpd config which works in old setup
> perfectly but in the new setup it does not work at all, It can not
> control the repo access:
>
> <Location /svn/MyRepo>
>     DAV svn
>     SVNPath /var/repos/svn/MyRepo.
>         Satisfy any
>         <LimitExcept GET PROPFIND OPTIONS REPORT>
>                 Require valid-user
>         </LimitExcept>
>         Order allow,deny
>         Allow from all
>         AuthzLDAPAuthoritative on
>         AuthType Basic
>         AuthName "Please use your Username and Password:"
>         AuthLDAPBindDN "CN=Ac,OU=All Users,OU=myOU,DC=mydomain,DC=com"
>         AuthLDAPBindPassword mypass
>         AuthLDAPURL
> "ldap://mydomain.com:3269/dc=mydomain,dc=com?sAMAccountName?sub?(objectClass=*)
> <http://mydomain.com:3268/dc=mydomain,dc=com?sAMAccountName?sub?%28objectClass=*%29>"
>         AuthBasicProvider ldap
>         AuthUserFile /dev/null
>         AuthzSVNAccessFile /var/repos/permissions/permfile.txt
> </Location>
>
> permfile.txt
> ========
>
> [groups]
> write-perm1 = user1, user2
>
> [/]
> @write-perm1 = rw
> * =
>
>
> After removing "AuthzLDAPAuthoritative on" (which is removed in Apache
> httpd 2.4.x), it allows any ldap user to access the repo (which i do
> not want). I want permfile to control the access to repo, but i could
> not see an effective way to enable it.
> Can somebody help here please?

You should remove these lines:

    Satisfy any
    Order allow,deny
    Allow from all
    AuthUserFile /dev/null


then add

    Satisfy all


I also suggest you add the HEAD method to the LimitExcept directive.

-- Brane

Mime
View raw message