I'm trying to setup a path based authorization using different LDAP groups.
Developers should be able to see all repositories and commit to all repos (the
corresponding LDAP group is subversion_developers)
Business users should be able to see all repositories but only commit to
specific assigned repo (corresponding LDAP group is subversion_bususers)
There is another LDAP group which is subversion_readonly which is intended to
give read only access to all repos.
My httpd.conf looks something like this:
RedirectMatch ^(/svn)$ $1/
Location /repos
DAV svn
SVNParentPath /local/data/svn/svntestrepos
SVNReposName CollabNet Subversion Repository
BrowserMatch ^SVN/1.[456] denyclient
order allow,deny
allow from all
deny from env=denyclient
SVNListParentPath On
Allow from all
AuthType Basic
AuthName CollabNet Subversion Repository
AuthBasicProvider ldap
AuthLDAPUrl
ldap://xyz.com:3268/dc=abc,dc=com?sAMAccountName?sub?objectClass=*; NONE
AuthLDAPBindDN svn_user
AuthLDAPBindPassword password
LimitExcept OPTIONS GET PROPFIND REPORT
require ldap-group CN= subversion_readonly,OU=abc Access Groups,DC=abc,DC=com
/LimitExcept
require ldap-group CN= subversion_developers,OU=abc Access
Groups,DC=abc,DC=com
/Location
Location /repos/business
DAV svn
SVNPath /local/data/svn/svntestrepos/business
SVNReposName CollabNet Business users Subversion Repository
BrowserMatch ^SVN/1.[456] denyclient
order allow,deny
allow from all
deny from env=denyclient
Allow from all
AuthType Basic
AuthName CollabNet Business Users Subversion Repository
AuthBasicProvider ldap
AuthLDAPUrl
ldap://xyz.com:3268/dc=abc,dc=com?sAMAccountName?sub?objectClass=*; NONE
AuthLDAPBindDN svn_user
AuthLDAPBindPassword password
LimitExcept OPTIONS GET PROPFIND REPORT
require ldap-group CN= subversion_readonly,OU=abc Access Groups,DC=abc,DC=com
/LimitExcept
require ldap-group CN= subversion_bususers,OU=abc Access Groups,DC=abc,DC=com
/Location
I'm able to access all repos except the business repo with this setting and
when I try to commit something I get an error saying Redirect cycle detected
for URL
Does this have something to do with the line RedirectMatch ^(/svn)$ $1/ ? I'm
pretty much a novice at apache configuration, so forgive my ignorance.
Any help is appreciated, Thank you.
Barclaycard
www.barclaycardus.com
This email and any files transmitted with it may contain confidential and/or
proprietary information. It is intended solely for the use of the individual or
entity who is the intended recipient. Unauthorized use of this information is
prohibited. If you have received this in error, please contact the sender by
replying to this message and delete this material from any system it may be on.