如何添加对SVN + LDAP访问的组访问权限?

时间:2012-04-18 10:59:18

标签: svn apache

我已经使用ldap设置了一个系统来控制对svn repos的访问。

目前,ldap用户可以获得对存储库的完全访问权限。

我想要实现的目标: 在ldap中为一个svn存储库设置了2个组:

  • project_developer

  • project_guest

,其中

  • project_developer具有读写权限

  • project_guest拥有只读权限。

有没有人知道如何使这项工作?或任何提示将不胜感激

提前致谢。

环境

  • CentOS版本4.9(最终版)
  • Apache 2
  • Subversion版本1.4.6(r28521)

1 个答案:

答案 0 :(得分:0)

<Location />
      AuthBasicProvider ldap
      AuthType Basic
      AuthName "SVN Server"
      #general user for ldap requests which password never expire
      AuthLDAPBindDN insertLdapUserHere
      AuthLDAPBindPassword insertPasswordForLdapUserHere
      AuthLDAPURL ldap://ldapServerHostName.companyXYZ.com:3268/?userPrincipalName?sub?(objectClass=user)
      Require valid-user

    </Location>
    <Location /path/to/repo/which/apear/in/webbrowser>

      # Uncomment this to enable the repository
      DAV svn

      # Set this to the path to your repository
      SVNPath /absolute/path/to/the/repo

      #set order of authentification
      Order Deny,Allow
      #generally disallow for all
      Deny from all
      #only allow for Germany and Amerika
      Allow from GER.companyXYZ.com US.companyXYZ.com
      # allow read and write access to ldap modify group
      # IMPROTANT: User full qualified name for group
      Require ldap-group CN=Modiy-GroupName,OU=Groups,OU=DomainName,DC=companyXYZ,DC=com
      # for read request allow all users in the read group
      # Limit handle only the read access commands, if such a command will be received, it checks the Read-Group
      <Limit OPTIONS PROPFIND GET REPORT>
        Require ldap-group CN=Read-GroupName,OU=Groups,OU=DomainName,DC=companyXYZ,DC=com
      </Limit>
    </Location>