0

我已经使用 ldap 设置了一个系统来控制对 svn repos 的访问。

目前 ldap 用户可以获得对存储库的完全访问权限。

我想要实现的目标:在 ldap 中为一个 svn 存储库设置 2 个组:

  • 项目开发者

  • project_guest

在哪里

  • project_developer 具有读写权限

  • project_guest 具有只读访问权限。

有谁知道如何使这项工作?或任何提示将不胜感激

提前致谢。

环境

  • CentOS 4.9 版(最终版)
  • 阿帕奇 2
  • 颠覆版本 1.4.6 (r28521)
4

1 回答 1

0 
<Location />
      AuthBasicProvider ldap
      AuthType Basic
      AuthName "SVN Server"
      #general user for ldap requests which password never expire
      AuthLDAPBindDN insertLdapUserHere
      AuthLDAPBindPassword insertPasswordForLdapUserHere
      AuthLDAPURL ldap://ldapServerHostName.companyXYZ.com:3268/?userPrincipalName?sub?(objectClass=user)
      Require valid-user

    </Location>
    <Location /path/to/repo/which/apear/in/webbrowser>

      # Uncomment this to enable the repository
      DAV svn

      # Set this to the path to your repository
      SVNPath /absolute/path/to/the/repo

      #set order of authentification
      Order Deny,Allow
      #generally disallow for all
      Deny from all
      #only allow for Germany and Amerika
      Allow from GER.companyXYZ.com US.companyXYZ.com
      # allow read and write access to ldap modify group
      # IMPROTANT: User full qualified name for group
      Require ldap-group CN=Modiy-GroupName,OU=Groups,OU=DomainName,DC=companyXYZ,DC=com
      # for read request allow all users in the read group
      # Limit handle only the read access commands, if such a command will be received, it checks the Read-Group
      <Limit OPTIONS PROPFIND GET REPORT>
        Require ldap-group CN=Read-GroupName,OU=Groups,OU=DomainName,DC=companyXYZ,DC=com
      </Limit>
    </Location>
于 2015-10-09T06:33:46.053 回答