>I don't think you want the "Require valid-user" line, since by default it uses >ANY of the Require lines as matches. (And in your case valid-user matches all >users so it doesn't care you are also specifying a group and an user.)
But if I remove that line then no one can access the repository. PATI MOSS System Engineer Sr. Professional CSC From: kmra...@rockwellcollins.com To: Patricia A Moss/USA/c...@csc Cc: users@subversion.apache.org Date: 11/09/2010 10:38 AM Subject: Re: locking down access to a repository Stefan Sperling <s...@elego.de> wrote on 11/09/2010 08:34:37 AM: > > I've configured my ldap aliases as follows: > > <AuthnProviderAlias ldap ldap-FCGNET> > > AuthLDAPBindDN FCGNET\svnuser > > AuthLDAPBindPassword xxxxxxxxx > > AuthLDAPURL > > ldap://xxxxxx.fcg.com:3268/DC=fcg,DC=com?samAccountName?sub? > > (objectCategory=person) > > </AuthnProviderAlias> > > <AuthnProviderAlias ldap ldap-VIET> > > AuthLDAPBindDN "CN=fcgvuser,OU=Service > > Accounts,OU=Users,OU=Production,DC > > =vdc,DC=csc,DC=com" > > AuthLDAPBindPassword xxxxxxxxxxx > > AuthLDAPURL ldap://xxxxx.vdc.csc.com:3268/DC=vdc,DC=csc,DC=com?sa > > mAccountName?sub?(objectCategory=person) > > </AuthnProviderAlias> > > > > Then in each, specific repositorry configuration file, I have the > > following: > > <Location /FDCertifications> > > dav svn > > SVNPath /disk01/home/FDCertifications > > AuthType Basic > > AuthBasicProvider ldap-FCGNET ldap-VIET > > AuthzLDAPAuthoritative off > > AuthName "CSC Subversion Repository" > > Require valid-user > > Require ldap-group CN=PRJ > > FDCertifications,OU=Europe,OU=Groups,DC=fcg,DC=com > > Require ldap-user pmoss > > </Location> I don't think you want the "Require valid-user" line, since by default it uses ANY of the Require lines as matches. (And in your case valid-user matches all users so it doesn't care you are also specifying a group and an user.) Kevin R.
