Re: Now using AD! How to create Authorization setup

Author markphip (OCN Member)
Full name Mark Phippard
Date 2008-08-20 11:57:24 PDT
Message On 8/20/08 2:55 PM, "Mike Craig" <mcraig88 at yahoo dot com> wrote:

> Does the user name come through without the domain prefix?
>
> MyUser
>
> or
>
> MyDoma\MyUser

Do a commit and then look at the author field on the commit. It ultimately
depends on how things are configured. It could even be the full LDAP DN.

Mark

RE: Re: Now using AD! How to create Authorization setup

Author mcraig88 (OCN Member)
Full name Mike Craig
Date 2008-08-20 11:55:03 PDT
Message Does the user name come through without the domain prefix?

MyUser

or

MyDoma\MyUser

RE: Now using AD! How to create Authorization setup

Author mcraig88 (OCN Member)
Full name Mike Craig
Date 2008-08-20 11:52:34 PDT
Message Ok, I think I have answered my own question. SVN does not provide Authorization when using Active Directory. I found a suggestion to use the <limit> directive in Apache 2.2, and define an ldap group query to define those that should have access to the path.

Does anyone have an example of using the <LimitExcept> directive in this circumstance?

I'm thinking something like:

#Allow everyone to Read the / path
Require ldap-group CN=AllDomainUsers,OU=IS,OU=Security Groups

#Allow Developers Write access to /Project1
<LimitExcept GET PROPFIND OPTIONS REPORT /Project1>
Require ldap-group CN=Developers,OU=IS,OU=Security Groups
</LimitExcept>

Re: Now using AD! How to create Authorization setup

Author markphip (OCN Member)
Full name Mark Phippard
Date 2008-08-20 11:50:13 PDT
Message On 8/20/08 2:40 PM, "Mike Craig" <mcraig88 at yahoo dot com> wrote:

> I've done some googling, and have not found a good resource regarding how to
> assign AD Group security on a path basis.
>
> I'm trying to do something like this, using my AD group names, note that
> SVNManagement and Developers are ActiveDirectory group names:

Group memberships are not visible to Subversion, just the username. So you
have to recreate the groups in the authz file. Of course since they are
essentially just different groups you can give them different names and user
assignments.

Mark
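
The reply above, as an added example that is not part of the thread: a small Python generator that recreates the AD groups in a `[groups]` section and refers to them with `@` in the path rules, since a bare name in a rule is read as a username. The account names are constructed, the function names are hypothetical, and `form` has to match what the author field of a test commit shows; the full-DN form is not handled here.

```python
# Added example, not from the thread. Members are constructed sample data.
AD_GROUPS = {  # exported AD membership as (domain, account) pairs
    "SVNManagement": [("MyDoma", "asmith")],
    "Developers": [("MyDoma", "bjones"), ("MyDoma", "asmith")],
}
# Path rules from the question; "@name" is an authz group, "*" is everyone.
RULES = {
    "/": {"*": "r", "@SVNManagement": "rw"},
    "/project1": {"@Developers": "rw"},
}


def authz_name(domain, account, form):
    """Return the name in the form the server reports as the commit author."""
    if form == "bare":
        return account
    if form == "domain":
        return f"{domain}\\{account}"
    raise ValueError(f"unknown username form: {form}")


def render_authz(groups, rules, form="bare"):
    """Build authz text: a [groups] section, then one section per path."""
    # Refuse to emit a rule that names a group the file does not define.
    for path, acl in rules.items():
        for principal in acl:
            if principal.startswith("@") and principal[1:] not in groups:
                raise KeyError(f"{path}: group {principal} is not defined")
    lines = ["[groups]"]
    for name, members in groups.items():
        users = sorted({authz_name(d, a, form) for d, a in members})
        lines.append(f"{name} = {', '.join(users)}")
    for path, acl in rules.items():
        lines += ["", f"[{path}]"]
        lines += [f"{principal} = {access}" for principal, access in acl.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_authz(AD_GROUPS, RULES, form="bare"))
```
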

Now using AD! How to create Authorization setup

Author mcraig88 (OCN Member)
Full name Mike Craig
Date 2008-08-20 11:40:20 PDT
Message I've done some googling, and have not found a good resource regarding how to assign AD Group security on a path basis.

I'm trying to do something like this, using my AD group names, note that SVNManagement and Developers are ActiveDirectory group names:

[/]
*=r
SVNManagement=rw

[/project1]
Developers=rw