Login | Register
My pages Projects Community openCollabNet

Discussions > users [DISABLED] > RE: Limiting access to a particular repository subdirectory

subversion
Discussion topic

Back to topic list

RE: Limiting access to a particular repository subdirectory

Author "Srilakshmanan, Lakshman" <lakshman dot srilakshmanan at police dot vic dot gov dot au>
Full name "Srilakshmanan, Lakshman" <lakshman dot srilakshmanan at police dot vic dot gov dot au>
Date 2009-10-12 21:17:26 PDT
Message Hi Craig,

The only other method I can think of is to use a pre-commit hook.

Hope this helps.

Thanks
Lakshman
-----Original Message-----
From: Andrey Repin [mailto:anrdaemon at freemail dot ru]
Sent: Tuesday, 13 October 2009 1:12 PM
To: Craig Pendleton; users at subversion dot tigris dot org
Subject: Re: Limiting access to a particular repository subdirectory

Greetings, Craig Pendleton!

>>> We are currently running Subversion 1.4 through Apache 2.2,
authenticating
>>> our users via LDAP and a ?Require valid-user? parameter. This has
been
>>> working fine for us. We are bringing in a third party who will
only be
>>> working several levels deep in the repository and would like to
restrict
>>> their access to these subdirectories only. We would like to use
LDAP
>>> groups to accomplish this. Basically what we are looking for is
the
>>> following:
>>>
>>> /repository/foo (read, write by A, B LDAP groups; no read or
write for C
>>> group )
>>> /repository/foo/bar (read, write by A, B, C LDAP groups)
>>>
>>> I?ve tried multiple <Location> directives (with different ?Require
>>> ldap-filter? parameters) into different parts of the same
>>> repository, with no success. ?Require ldap-group? will not work for

>>> us as it seems to only accept one group as argument.
>>>
>>> Is this possible? If so, can someone point me in the right
direction?
>>> Thank you in advance.

>> Have you considered Path-Based Authorization
>>
>> http://svnbook.red-b​ean.com/en/1.4/svn.s​erverconfig.pathbase​dauthz.ht
>> ml

> Hi Lakshman,

> Thank you for the suggestion and the quick reply. Path-based
authorization
> would be ideal, but my understanding is that this requires a flat file

> containing path, user and/or group details and cannot query group
membership
> from LDAP. Can path-based authorization leverage LDAP groups? I
didn?t
> find any documentation indicating that it can, so I?m looking for
> alternatives.

> Suggestions greatly appreciated.

I suggest you upgrade your ancient server software and read appropriate
documentation.
http://svnbook.red-b​ean.com/nightly/en/s​vn-book.html#svn.ser​verconfig.pa
thbasedauthz

(Same for 1.5
http://svnbook.red-b​ean.com/en/1.5/svn-b​ook.html#svn.serverc​onfig.pathba
sedauthz
)


--
WBR,
 Andrey Repin (anrdaemon at freemail dot ru) 13.10.2009, <6:07>

Sorry for my terrible english...

--------------------​--------------------​--------------
http://subversion.ti​gris.org/ds/viewMess​age.do?dsForumId=106​5&dsMessageI
d=2406889

To unsubscribe from this discussion, e-mail:
[users-unsubscribe@s​ubversion.tigris.org​].

====================​====================​====================​====================​================
EMAIL DISCLAIMER

This email and any attachments are confidential. They may also be subject to copyright.

If you are not an intended recipient of this email please immediately contact us by replying
to this email and then delete this email.

You must not read, use, copy, retain, forward or disclose this email or any attachment.

We do not accept any liability arising from or in connection with unauthorised use or disclosure
of the information contained in this email or any attachment.

We make reasonable efforts to protect against computer viruses but we do not accept liability
for any liability, loss or damage caused by any computer virus contained in this email.
====================​====================​====================​====================​================

« Previous message in topic | 5 of 6 | Next message in topic »

Messages

Show all messages in topic

Limiting access to a particular repository subdirectory "Craig Pendleton" <craig dot pendleton at healthlanguage dot com> "Craig Pendleton" <craig dot pendleton at healthlanguage dot com> 2009-10-12 14:57:39 PDT
     RE: Limiting access to a particular repository subdirectory "Srilakshmanan, Lakshman" <lakshman dot srilakshmanan at police dot vic dot gov dot au> "Srilakshmanan, Lakshman" <lakshman dot srilakshmanan at police dot vic dot gov dot au> 2009-10-12 16:47:54 PDT
         Re: Limiting access to a particular repository subdirectory "Craig Pendleton" <craig dot pendleton at healthlanguage dot com> "Craig Pendleton" <craig dot pendleton at healthlanguage dot com> 2009-10-12 18:47:58 PDT
             Re: Limiting access to a particular repository subdirectory Andrey Repin <anrdaemon at freemail dot ru> Andrey Repin <anrdaemon at freemail dot ru> 2009-10-12 19:15:07 PDT
                 RE: Limiting access to a particular repository subdirectory "Srilakshmanan, Lakshman" <lakshman dot srilakshmanan at police dot vic dot gov dot au> "Srilakshmanan, Lakshman" <lakshman dot srilakshmanan at police dot vic dot gov dot au> 2009-10-12 21:17:26 PDT
                     Re: Limiting access to a particular repository subdirectory "Craig Pendleton" <craig dot pendleton at healthlanguage dot com> "Craig Pendleton" <craig dot pendleton at healthlanguage dot com> 2009-10-13 09:55:11 PDT
Messages per page: