Subversion and AuthzSVNGroupsFile

2
votes

I want to split the majority of groups to be 'global' between repositories using the AuthzSVNGroupsFile directive to point to a common location and I also want local authz with the relative URL syntax e..g. ^/authz. This file would be synced to the LDAP groups.

However I would also like to be able to define groups in the local repository access file e.g. the group that sets access to the authz file or potentially others. As far as I can see you can only have one [groups] section in an authz file chain whether in one or two files - if you have multiple, only the last one is read.

So the more concise question - is it possible to define groups in both the

AuthzSVNGroupsFile

and

AuthzSVNAccessFile

if defined separately in the DAV setup?

3
svn

3 Answers

0
votes

We have done in our system:

enable 

#LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so
#LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so

Referral off

If you still have more questions, please post to answer.

0
votes

Excellent right answer for the LDAP groups. We use the non LDAP for:

<Location /prj>
DAV svn
SVNListParentPath On
SVNPath /repos/prj/
AuthType Basic
AuthName "Subversion PRJ repository"
AuthUserFile /d00000/.auth/prj/prj-auth-file
Require valid-user
</Location>

You can view the challenges in following file to correct. Error log var/log/apache2/error.log

Whenever finishing edit, the server bounce /etc/init.d/apache2 restart

Hope that will help you to solve the challenges

0
votes

We just only add it on httpd.conf file for LDAP groups.

<Location /prj>
DAV svn
SVNPath /repos/prj/
AuthType Basic
AuthBasicProvider ldap
#AuthzLDAPAuthoritative off
AuthName "PRJ" repository"
AuthLDAPBindDN "[email protected]"
AuthLDAPBindPassword "password"
AuthLDAPURL "ldap://try.prj.net:389/DC=prj,DC=net?sAMAccountName?sub?(objectClass=*)" NONE
Require ldap-attribute objectClass=*
Require ldap-group CN=SVNPRJ,OU=SVN,OU=DEV,DC=PRJ,DC=NET
</Location>