Apache subversioning with Active Directory groups integration

rocknum · May 2016

Hello there

I had the task of creating a svn server with active directory authentication on linux.

The users connect to the repo using Tortoise Svn.

I have successfully integrated active directory groups for authentication on the repos.

I can set access permissions to different groups to different repos.

The problem is that all the members of the group that has access, have Read/Write access to a repo.

I wish to grant Read Only rights to some groups but I have not been able to do this.

The repos are defined in /etc/apache2/mods-available/dav-svn.conf

The definition of a repo looks like this.


&lt;Location /svn/mysvnrepo&gt;

    DAV svn
    SVNPath /var/lib/svn/mysvnrepo
    SVNListparentPath on
    SVNAutoversioning on
    AuthType Basic

    SVNReposName "Repotest"
    AuthName “mysvnrepo”

    AuthBasicProvider ldap
    AuthLDAPURL "ldap://10.10.1.1:389/DC=example,DC=local?sAMAccountName?sub?(objectClass=*)"

&lt;Limit GET PROPFIND OPTIONS REPORT&gt;

    Require ldap-group CN=test,OU=tests,OU=S test,DC=example,DC=local

&lt;/Limit&gt;

    AuthLDAPBindDN "CN=svn bind,OU=tests,OU=S test,DC=example,DC=local"
    AuthLDAPBindPassword somepasswd
&lt;/Location&gt;

I really need to grant some groups Read Only access. Right now everybody has either full access or no access.

Thank you