我有一个系统已经建立使用ldap来控制对svn回购的访问。如何将组访问添加到SVN + LDAP?
当前ldap用户可以完全访问存储库。
我想达到的目标: 设立2组LDAP一个SVN仓库:
project_developer
project_guest
其中
project_developer拥有读写权限
project_guest拥有只读权限。
有没有人知道如何使这项工作?或任何提示将不胜感激
在此先感谢。
环境
<Location />
AuthBasicProvider ldap
AuthType Basic
AuthName "SVN Server"
#general user for ldap requests which password never expire
AuthLDAPBindDN insertLdapUserHere
AuthLDAPBindPassword insertPasswordForLdapUserHere
AuthLDAPURL ldap://ldapServerHostName.companyXYZ.com:3268/?userPrincipalName?sub?(objectClass=user)
Require valid-user
</Location>
<Location /path/to/repo/which/apear/in/webbrowser>
# Uncomment this to enable the repository
DAV svn
# Set this to the path to your repository
SVNPath /absolute/path/to/the/repo
#set order of authentification
Order Deny,Allow
#generally disallow for all
Deny from all
#only allow for Germany and Amerika
Allow from GER.companyXYZ.com US.companyXYZ.com
# allow read and write access to ldap modify group
# IMPROTANT: User full qualified name for group
Require ldap-group CN=Modiy-GroupName,OU=Groups,OU=DomainName,DC=companyXYZ,DC=com
# for read request allow all users in the read group
# Limit handle only the read access commands, if such a command will be received, it checks the Read-Group
<Limit OPTIONS PROPFIND GET REPORT>
Require ldap-group CN=Read-GroupName,OU=Groups,OU=DomainName,DC=companyXYZ,DC=com
</Limit>
</Location>
您可能会问这个问题找到更好的答案在servfail上。我还会强调其他技术的参与。例如linux/windows,IIS/Apache。 – Diziet 2012-04-18 11:05:17
感谢您的建议,我会添加我的环境。 – 2012-04-18 11:23:27