3

I am configuring a subversion repository to use basic LDAP authentication. I have an entry in my http.conf file that looks like this:

<Location /company/some/location>
DAV svn
SVNPath /repository/some/location
AuthType Basic
AuthName LDAP
AuthBasicProvider ldap
Require valid-user
AuthLDAPBindDN "cn=SubversionAdmin,ou=admins,o=company.com"
AuthLDAPBindPassword "XXXXXXX"
AuthLDAPURL "ldap://company.com/ou=people,o=company.com?personid"
</Location>

This works fine for living, breathing people who need to log in. However, I also need to provide application accounts access to the repository. These accounts are in a different OU. Do I need to add a whole new <location> element, or can I add a second AuthLDAPURLto the existing entry?

dbyrne
  • 198
  • 7

1 Answers1

5

You can use mod_authn_alias to create aliases for your providers. There was an example in this question for pretty much exactly the same use case:

<AuthnProviderAlias ldap alpha>
  AuthLDAPBindDN "CN=Subversion,OU=Service Accounts,O=Alpha"
  AuthLDAPBindPassword [[REDACTED]]
  AuthLDAPURL ldap://dc01.alpha:3268/?sAMAccountName?sub?
</AuthnProviderAlias>

<AuthnProviderAlias ldap beta>
  AuthLDAPBindDN "CN=LDAPAuth,OU=Service Accounts,O=Beta"
  AuthLDAPBindPassword [[REDACTED]]
  AuthLDAPURL ldap://ldap.beta:3268/?sAMAccountName?sub?
</AuthnProviderAlias>

# Subversion Repository
<Location /svn>
  DAV svn
  SVNPath /opt/svn/repo
  AuthName "Subversion"
  AuthType Basic
  AuthBasicProvider alpha beta
  AuthzLDAPAuthoritative off
  AuthzSVNAccessFile /opt/svn/authz
  require valid-user
</Location>
Kamil Kisiel
  • 11,946
  • 7
  • 46
  • 68
  • I want to provide a repo at /svn which is only available to staff, and then allow customers to access their individual subdirectories like /svn/customerA? We have only one repo. Will this work for that? – Stefan Lasiewski May 14 '10 at 18:53
  • @Stefan: Yes, you can do that. Just use the authz file to limit read/write access. – Kamil Kisiel May 15 '10 at 05:55