I think this is the correct mailing list for this question.

I am LDAP authenticating against 2 domain controllers; in 2 different 
locations.
I thought that I was locking down each repository to allow only users, 
included in a specific AD group, to have read/write access to a 
repository.
I say supposedly because apparently the second part is not working.  Right 
now, anyone can access any repository. Can someone lend a hand in figuring 
out what I have done wrong, or need to do?
Here is what I have:
I've configured my ldap aliases as follows:
<AuthnProviderAlias ldap ldap-FCGNET>
        AuthLDAPBindDN FCGNET\svnuser
        AuthLDAPBindPassword xxxxxxxxx
        AuthLDAPURL ldap://xxxxxx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub?(objectCategory=person)
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap-VIET>
        AuthLDAPBindDN "CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC=vdc,DC=csc,DC=com"
        AuthLDAPBindPassword xxxxxxxxxxx
        AuthLDAPURL ldap://xxxxx.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?samAccountName?sub?(objectCategory=person)
</AuthnProviderAlias>

Then, in each specific repository configuration file, I have the
following:
<Location /FDCertifications>
dav svn
SVNPath /disk01/home/FDCertifications
AuthType Basic
AuthBasicProvider ldap-FCGNET ldap-VIET
AuthzLDAPAuthoritative off
AuthName "CSC Subversion Repository"
Require valid-user
Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com
Require ldap-user pmoss
</Location>

I thought the "Require ldap-group" line locked access down to allow only 
the users in the group access to the repo.  That is not the case though. 
Everyone can access any repository; as long as they have an FCGNET 
account.

I tried adding the AuthnProviderAlias lines to each config file, but I get 
an error because it only needs to be defined once.
I tried removing the "Require valid-user" line; but that then doesn't 
allow any access.
Have any clues what I am doing wrong?  Thanks.



PATI MOSS
System Engineer Sr. Professional
CSC
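
An added example, not part of the original post: a small Python check that flags Location blocks where "Require valid-user" sits beside narrower Require lines such as ldap-group. It assumes that any single matching Require line grants access, which matches the behaviour reported above; the function name audit_requires and the sample configuration are constructed for illustration.

```python
import re

# Assumption: any one matching Require grants access, so valid-user admits everyone.
BROAD = {"valid-user"}

SAMPLE_CONF = '''\
# Constructed sample based on the Location block in the post above.
<Location /FDCertifications>
DAV svn
AuthType Basic
AuthBasicProvider ldap-FCGNET ldap-VIET
Require valid-user
Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com
Require ldap-user pmoss
</Location>
<Location /Other>
Require ldap-group CN=Example Group,OU=Groups,DC=example,DC=com
</Location>
'''

def audit_requires(conf_text):
    """Return {location: [narrow Require lines shadowed by a broad one]}."""
    findings = {}
    location, requires = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Location\s+(\S+?)>$", line, re.I)
        if opened:
            location, requires = opened.group(1).strip('"'), []
        elif re.match(r"</Location>$", line, re.I) and location is not None:
            kinds = [r.split(None, 1)[0].lower() for r in requires]
            if any(k in BROAD for k in kinds):
                shadowed = [r for r, k in zip(requires, kinds) if k not in BROAD]
                if shadowed:
                    findings[location] = shadowed
            location = None
        elif location is not None:
            req = re.match(r"Require\s+(.+)$", line, re.I)
            if req:
                requires.append(req.group(1))
    return findings

if __name__ == "__main__":
    for loc, shadowed in audit_requires(SAMPLE_CONF).items():
        print(f"{loc}: 'Require valid-user' overrides:")
        for r in shadowed:
            print(f"  Require {r}")
```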
