我已经使用ldap设置了一个系统来控制对svn repos的访问。
目前,ldap用户可以获得对存储库的完全访问权限。
我想要实现的目标: 在ldap中为一个svn存储库设置了2个组:
project_developer
project_guest
,其中
project_developer具有读写权限
project_guest拥有只读权限。
有没有人知道如何使这项工作?或任何提示将不胜感激
提前致谢。
环境
答案 0 :(得分:0)
<Location />
AuthBasicProvider ldap
AuthType Basic
AuthName "SVN Server"
#general user for ldap requests which password never expire
AuthLDAPBindDN insertLdapUserHere
AuthLDAPBindPassword insertPasswordForLdapUserHere
AuthLDAPURL ldap://ldapServerHostName.companyXYZ.com:3268/?userPrincipalName?sub?(objectClass=user)
Require valid-user
</Location>
<Location /path/to/repo/which/apear/in/webbrowser>
# Uncomment this to enable the repository
DAV svn
# Set this to the path to your repository
SVNPath /absolute/path/to/the/repo
#set order of authentification
Order Deny,Allow
#generally disallow for all
Deny from all
#only allow for Germany and Amerika
Allow from GER.companyXYZ.com US.companyXYZ.com
# allow read and write access to ldap modify group
# IMPROTANT: User full qualified name for group
Require ldap-group CN=Modiy-GroupName,OU=Groups,OU=DomainName,DC=companyXYZ,DC=com
# for read request allow all users in the read group
# Limit handle only the read access commands, if such a command will be received, it checks the Read-Group
<Limit OPTIONS PROPFIND GET REPORT>
Require ldap-group CN=Read-GroupName,OU=Groups,OU=DomainName,DC=companyXYZ,DC=com
</Limit>
</Location>