On 8/22/2012 3:48 PM, Ben Johnson wrote: > > > On 8/22/2012 2:39 PM, Eric Covener wrote: >>> http://www.svnforum.org/threads/37237-AuthzSVNAccessFile-Require-ldap-group >> >> That thread predates the authorization containers from 2.4 recommended >> in this thread. Maybe there are plans for AuthzSVN to interoperate, >> or maybe it already does. > > Thanks, Eric. Your attention to detail is much appreciated. > > I didn't notice that these containers were introduced in a version later > than the one I'm using (I'm using 2.2.14 and they were introduced in > 2.3). No wonder they didn't work as expected. Shame on me. > > I'll set-up a VM with the required version and see if it makes a difference. > > And, of course, I'll report my findings to the list. > > If in the meantime somebody reads this and believes that > interoperability between the two modules was introduced with 2.3 or > later, please do speak-up. :) > > Thanks again, > > -Ben I need a stop-gap solution until I have a chance to test the new authorization containers in Apache >= 2.3 and see if they "play nicely" with AuthzSVN. So, it's back to using simply "Require valid-user" in the <Location></Location> block and handling everything else in the AuthzSVNAccessFile. One "problem" I've noticed is that when a user who does not have any access to the repository via the AuthzSVNAccessFile, but who does meet "Require valid-user" requirement, attempts to access this <Location>, Apache gets stuck in a redirect loop, logging the following with each request until the user-agent (browser) puts a stop to it: Access denied: 'user' GET repo:/ The Apache configuration directives are: -------------------- <Location /svn/repo> AuthType Basic AuthName "SVN Repository" AuthBasicProvider dbm AuthDBMType DB AuthDBMUserFile "/var/www/apache-users" AuthDBMGroupFile "/var/www/apache-users" Require valid-user DAV svn AuthzSVNAccessFile /var/www/projects/svn-access-control-v2.cfg SVNPath /var/www/svn/repo </Location> -------------------- The AuthzSVNAccessFile contents are: -------------------- [groups] admins = joe programmers = john, sam, sally clients = larry [/] @admins = rw @programmers = r @clients = r -------------------- If I authenticate as "joe", for example, I am able to navigate the repository without issue. But, if I authenticate as a user does not appear anywhere in the AuthzSVNAccessFile, I am hit with the infinite redirect loop. Am I doing something silly? Or is this a known issue (perhaps one that's been fixed)? Thanks for any help! -Ben --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|