I have read the Subversion book regarding the configuration of mod_authnz_svn and mod_dav_svn for apache as the Subversion server.
I am making use of mod_authnz_ldap to restrict access to our repositories based on ldap-group membership and we are using Active Directory as our LDAP server. I want to also be able to set up path-based authorization and have the access based on the users ldap-group membership. I.E. currently the AuthzSVNAccessFile has the [groups] section but the only valid value that seems to work is the user name that the user authenticated with. [groups] proj1-devs = marry, jane, jim, bob proj2-dev = jill, jack, alex [proj1:/] proj1-devs = rw proj2-devs = r [proj2:/] proj1-devs = r proj2-devs = rw I would like to be able to define the groups based on ldap groups [groups] proj1-devs = CN=proj1_developers,ou=ldap,dc=mycorp,dc=com proj2-devs = CN=proj2_developers,ou=ldap,dc=mycorp,dc=com [proj1:/] proj1-devs = rw proj2-devs = r [proj2:/] proj1-devs = r proj2-devs = rw This way we don't have to update the access file each time a new user is added to the ldap group. Are there any plans to introduce this kind of functionality to mod_authnz_svn? Thanks -- Matthew Hamilton
