I think this is the correct mailing list for this question.

I am LDAP authenticating against 2 domain controllers, in 2 different locations. I thought that I was locking down each repository to allow only users, included in a specific AD group, to have read/write access to a repository. I say supposedly because apparently the second part is not working. Right now, anyone can access any repository. Can someone lend a hand in figuring out what I have done wrong, or need to do?

Here is what I have:

I've configured my ldap aliases as follows:

    <AuthnProviderAlias ldap ldap-FCGNET>
    AuthLDAPBindDN FCGNET\svnuser
    AuthLDAPBindPassword xxxxxxxxx
    AuthLDAPURL ldap://xxxxxx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub?(objectCategory=person)
    </AuthnProviderAlias>

    <AuthnProviderAlias ldap ldap-VIET>
    AuthLDAPBindDN "CN=fcgvuser,OU=Service Accounts,OU=Users,OU=Production,DC=vdc,DC=csc,DC=com"
    AuthLDAPBindPassword xxxxxxxxxxx
    AuthLDAPURL ldap://xxxxx.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?samAccountName?sub?(objectCategory=person)
    </AuthnProviderAlias>

Then in each specific repository configuration file, I have the following:

    <Location /FDCertifications>
    dav svn
    SVNPath /disk01/home/FDCertifications
    AuthType Basic
    AuthBasicProvider ldap-FCGNET ldap-VIET
    AuthzLDAPAuthoritative off
    AuthName "CSC Subversion Repository"
    Require valid-user
    Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com
    Require ldap-user pmoss
    </Location>

I thought the "Require ldap-group" line locked access down to allow only the users in the group access to the repo. That is not the case though. Everyone can access any repository, as long as they have an FCGNET account.

I tried adding the AuthnProviderAlias lines to each config file, but I get an error because it only needs to be defined once. I tried removing the "Require valid-user" line, but that then doesn't allow any access.

Have any clues what I am doing wrong?

Thanks.

PATI MOSS
System Engineer Sr. Professional
CSC
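
The following audit script is an added example, not part of the original message. It assumes that Apache grants access when any one of several bare `Require` lines in a section matches, so a `Require valid-user` line admits every authenticated account regardless of the group line beside it. The function names and the `/Locked` section are constructed for illustration.

```python
import re

# Constructed sample: first section mirrors the Require lines in the post.
SAMPLE = """\
<Location /FDCertifications>
  AuthBasicProvider ldap-FCGNET ldap-VIET
  Require valid-user
  Require ldap-group CN=PRJ FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com
  Require ldap-user pmoss
</Location>
<Location /Locked>
  Require ldap-group CN=PRJ Locked,OU=Groups,DC=example,DC=com
</Location>
"""

OPEN = re.compile(r"<(Location|Directory)\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</(Location|Directory)>", re.I)
REQUIRE = re.compile(r"Require\s+(\S+)\s*(.*)", re.I)

def parse_sections(text):
    """Return {section path: [(require type, argument), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # commented-out lines start with '#' and never match
        m = OPEN.match(line)
        if m:
            current = m.group(2).strip().strip('"')
            sections[current] = []
        elif CLOSE.match(line):
            current = None
        elif current is not None:
            m = REQUIRE.match(line)
            if m:
                sections[current].append((m.group(1).lower(), m.group(2).strip()))
    return sections

def shadowed_requires(text):
    """Map each section containing 'Require valid-user' to the narrower
    Require lines that it makes ineffective under any-of evaluation."""
    findings = {}
    for path, reqs in parse_sections(text).items():
        narrower = [f"{k} {a}" for k, a in reqs if k != "valid-user"]
        if narrower and any(k == "valid-user" for k, _ in reqs):
            findings[path] = narrower
    return findings

if __name__ == "__main__":
    for path, lines in shadowed_requires(SAMPLE).items():
        print(f"{path}: 'Require valid-user' overrides {lines}")
```

Run over every per-repository config file, this lists the sections where a group restriction is present but not enforced.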