Apache subversioning with Active Directory groups integration
I had the task of creating a svn server with active directory authentication on linux.
The users connect to the repo using Tortoise Svn.
I have successfully integrated active directory groups for authentication on the repos.
I can set access permissions to different groups to different repos.
The problem is that all the members of the group that has access, have Read/Write access to a repo.
I wish to grant Read Only rights to some groups but I have not been able to do this.
The repos are defined in /etc/apache2/mods-available/dav-svn.conf
The definition of a repo looks like this.
<Location /svn/mysvnrepo> DAV svn SVNPath /var/lib/svn/mysvnrepo SVNListparentPath on SVNAutoversioning on AuthType Basic SVNReposName "Repotest" AuthName “mysvnrepo” AuthBasicProvider ldap AuthLDAPURL "ldap://10.10.1.1:389/DC=example,DC=local?sAMAccountName?sub?(objectClass=*)" <Limit GET PROPFIND OPTIONS REPORT> Require ldap-group CN=test,OU=tests,OU=S test,DC=example,DC=local </Limit> AuthLDAPBindDN "CN=svn bind,OU=tests,OU=S test,DC=example,DC=local" AuthLDAPBindPassword somepasswd </Location>
I really need to grant some groups Read Only access. Right now everybody has either full access or no access.