SVN特定用户的访问

SVN特定用户的访问

关注
发信
关注(28)粉丝(399)

如何限制Apache的/ SVN特定用户的访问(LDAP /基于文件的验证)?

本文介绍了如何限制Apache的/ SVN特定用户的访问(LDAP /基于文件的验证)?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在Windows 2003上运行通过LDAP / Active Directory和平面文件验证的Apache / SVN。

I have Apache/SVN running on Windows 2003 with authentication via LDAP/Active Directory and a flat-file.

它的工作很大的不同之处在于的任意的LDAP用户可以访问一切。我希望能够通过用户或组限制SVN回购。

It's working great except that any LDAP user can access everything. I'd like to be able to limit SVN repos by user or group.

在理想情况下,我会得到这样的:

Ideally, I'd get to something like this:

<Location /svn/repo1>
  # restricted to ldap-user1, file-user1, or members of ldap-group1
  # all others denied
</Location>

<Location /svn/repo2>
  # restricted to ldap-user2, file-user2, or members of ldap-group2
  # all others denied
</Location>

真正的技巧可能是因为我有混合身份验证:LDAP和文件:

The real trick might be that I have mixed authentication: ldap and file:

<Location /svn>
  DAV svn
  SVNParentPath C:/svn_repository
  AuthName "Subversion Repository"
  AuthType Basic
  AuthBasicProvider ldap file
  AuthUserFile "svn-users.txt" #file-based, custom users
  AuthzLDAPAuthoritative On
  AuthLDAPBindDN [email protected]
  AuthLDAPBindPassword ldappassword
  AuthLDAPURL ldap://directory.com:389/cn=Users,dc=directory,dc=com?sAMAccountName?sub?(objectCategory=person)
  Require valid-user
</Location>

编辑:我在Google上搜寻,我见过一些人做到这一点拉在AuthZ的文件是这样的:

in my googling, I've seen some people accomplish this by pulling in the authz file like this:

<Location /svn>
  ...
  AuthzSVNAccessFile "conf/svn-authz.txt"
</Location

然后,我需要映射AD用户。这种做法的任何例子吗?

Then, I'd need to map the AD users. Any examples of that approach?

推荐答案

这实际上比我想象的要容易得多。我说这我的位置:

This was actually a lot easier than I thought it would be. I added this to my location:

<Location /svn>
  ...
  AuthzSVNAccessFile "conf/svn-authz.txt"
</Location

在该文件中,我只是指定的正常SVN的权限(系统似乎并没有在这一点上文件的用户和LDAP用户来区分):

In that file, I just specified normal SVN permissions (the system doesn't seem to distinguish between file users and ldap users at this point):

[groups]
@admin = haren

###
### deny all but admins to the tree
###

[/]
* =
@admin = rw


###
### allow more specific people on a per-repo basis below
###

[repo1:/]
ldap-user1 = rw
file-user1 = rw

[repo2:/]
ldap-user2 = rw
file-user2 = rw

我仍然在摆弄LDAP组的语法来获得的那部分工作。任何建议有AP preciated。

I'm still playing around with the LDAP group syntax to get that part working. Any suggestions there are appreciated.

这篇关于如何限制Apache的/ SVN特定用户的访问(LDAP /基于文件的验证)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-28 01:03
Powered by LMLPHP ©2025 SVN特定用户的访问 0.033702