subversion authentication with ldap and access control using apache 2.2

my operation system is FreeBSD 7

i place repositories in /usr/home/svn/

here is an example configuration fo apache at /usr/local/etc/apache22/Includes/mod_dav_svn.conf:

<Directory /usr/home/svn>
AllowOverride FileInfo AuthConfig Limit Indexes
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>

<Location /svn>
DAV svn
SVNParentPath /usr/home/svn
SVNListParentPath on

# specify access control policy
AuthzSVNAccessFile /usr/home/svn/svn-access-file

AuthType Basic
AuthName “Subversion repository”

# Make LDAP the authentication mechanism
AuthBasicProvider ldap

# Make LDAP authentication is final
AuthzLDAPAuthoritative on

AuthLDAPURL “ldap://my-ldap-host:389/ou=People,dc=mis,dc=my-domain?uid?sub?(objectClass=*)”
Require valid-user

</Location>

now, we need to configure file /usr/home/svn/svn-access-file as following to control access right:

[groups]
#calc-developers = harry, sally, joe
admin = m1096345104, s1092137101

#[calc:/branches/calc/bug-142]
#harry = rw
#sally = r
# Groups can be granted access
#@paint-developers = rw

# possible to explicitly deny permission to someone via inheritance rules
#[calc:/branches/calc/bug-142/secret]
#harry =

[test:/]
@admin = rw

done.

reference: http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.serverconfig.httpd.authz.perdir
http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.serverconfig.pathbasedauthz

Filed under: 蟲的研究心得