Apache subversioning with Active Directory groups integration

rocknum

Hello there



I had the task of creating a svn server with active directory authentication on linux.

The users connect to the repo using Tortoise Svn.

I have successfully integrated active directory groups for authentication on the repos.



I can set access permissions to different groups to different repos.





The problem is that all the members of the group that has access, have Read/Write access to a repo.

I wish to grant Read Only rights to some groups but I have not been able to do this.



The repos are defined in /etc/apache2/mods-available/dav-svn.conf



The definition of a repo looks like this.

 

<Location /svn/mysvnrepo>

    DAV svn
    SVNPath /var/lib/svn/mysvnrepo
    SVNListparentPath on
    SVNAutoversioning on
    AuthType Basic

    SVNReposName "Repotest"
    AuthName “mysvnrepo”

    AuthBasicProvider ldap
    AuthLDAPURL "ldap://10.10.1.1:389/DC=example,DC=local?sAMAccountName?sub?(objectClass=*)"

<Limit GET PROPFIND OPTIONS REPORT>

    Require ldap-group CN=test,OU=tests,OU=S test,DC=example,DC=local

</Limit>

    AuthLDAPBindDN "CN=svn bind,OU=tests,OU=S test,DC=example,DC=local"
    AuthLDAPBindPassword somepasswd
</Location>

I really need to grant some groups Read Only access. Right now everybody has either full access or no access.

Thank you