I appreciate all of the help that I am receiving. I have still not been 
successful in resolving this.

I removed the line:
Require valid-user

I have tried using:
?samAccountName?sub?(objectClass=*)
Instead of:
?samAccountName?sub?(objectCategory=person)

That is the only difference I see in my config files and the examples in 
the Google hits. Yet I am still not successful in accessing the 
repository.
I am, apparently, quite a novice with SVN, LDAP and ActiveDirectory 
because I am really confused as to how to proceed.


PATI MOSS
System Engineer Sr. Professional
CSC



From: kmra...@rockwellcollins.com
To: Patricia A Moss/USA/c...@csc
Cc: users@subversion.apache.org
Date: 11/09/2010 11:13 AM
Subject: Re: locking down access to a repository



Patricia A Moss <pmo...@csc.com> wrote on 11/09/2010 09:41:42 AM:

> From: Patricia A Moss <pmo...@csc.com> 
> To: kmra...@rockwellcollins.com 
> Cc: users@subversion.apache.org 
> Date: 11/09/2010 09:41 AM 
> Subject: Re: locking down access to a repository 
> 
> 
> >I don't think you want the "Require valid-user" line, since by default it uses 
> >ANY of the Require lines as matches.  (And in your case valid-user matches all 
> >users so it doesn't care you are also specifying a group and a user.) 
> 
> But if I remove that line then no one can access the repository. 

I think you also may need to be less specific with your ldapurl (remove the 
objectclass or use * ??): 
(Assuming Active Directory, this is like what I have used in the past) 

  AuthLDAPURL "ldap://ad.example.com/ou=group,dc=example,dc=com?sAMAccountName"
  AuthLDAPGroupAttribute member 
  Require ldap-group ... 

It has been quite a while since I used ldap groups instead of authz files... 

This first Google hit has some examples: 

http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication

As does this one: 

http://ramblings.gibberishcode.net/archives/apache-22-and-active-directory-and-group-restrictions/36


Kevin R.
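
The point in the quoted reply, that any one matching Require line grants access so "Require valid-user" overrides a group or user restriction placed beside it, can be checked mechanically. The following is an added example, not code from either poster or from the Apache or Subversion projects; the configuration text, host name, DNs and paths are constructed placeholders, and `audit_requires` is a hypothetical helper name.

```python
import re

# Constructed sample config (host name, DNs and paths are placeholders).
SAMPLE_CONF = """\
<Location /svn/project>
  DAV svn
  SVNPath /srv/svn/project
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://ad.example.com/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPGroupAttribute member
  Require ldap-group cn=svn-project,ou=group,dc=example,dc=com
  Require valid-user
</Location>
<Location /svn/locked>
  Require ldap-group cn=svn-locked,ou=group,dc=example,dc=com
</Location>
"""

SECTION_OPEN = re.compile(r"<(?:Location|Directory|Files)\w*\s+([^>]+)>", re.I)
SECTION_CLOSE = re.compile(r"</(?:Location|Directory|Files)\w*>", re.I)
REQUIRE = re.compile(r"Require\s+(\S+)\s*(.*)", re.I)

def audit_requires(conf_text):
    """Map each section to the Require lines that 'Require valid-user' makes moot.
    Simplification: sections do not nest; <Limit> blocks count with their parent."""
    findings, section, requires = {}, None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = SECTION_OPEN.match(line)
        if opened:
            section, requires = opened.group(1).strip('"'), []
        elif SECTION_CLOSE.match(line) and section is not None:
            narrow = [r for r in requires if r[0].lower() != "valid-user"]
            # Any single satisfied Require grants access, so a valid-user line
            # beside narrower ones lets every authenticated account in.
            if narrow and len(narrow) < len(requires):
                findings[section] = [" ".join(r).strip() for r in narrow]
            section = None
        elif section is not None:
            req = REQUIRE.match(line)
            if req:
                requires.append((req.group(1), req.group(2).strip()))
    return findings
```

Calling `audit_requires(SAMPLE_CONF)` flags only `/svn/project`, where the group restriction is listed next to `Require valid-user`.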
