
List:       subversion-users
Subject:    Re: svn commit failing - username not sent on the MERGE webdav command
From:       Branko_Čibej <brane () apache ! org>
Date:       2017-08-11 11:16:21
Message-ID: abc395ec-6e37-a54a-70d2-1427aa9a04d8 () apache ! org

On 10.08.2017 23:12, greg@gregj.me wrote:
> Ok I think this is onto something. I changed 
> 
> <LimitExcept MERGE> to <LimitExcept GET> and the commit worked.  When I removed the
> LIMITEXCEPT completely it didn't even request my password (and failed).
> I'll have our tester test it with that tonight if possible.
> 
> Thank You!
> 
> Question: What *should* be specified?


If you want all access to be authenticated, you do not need a <Limit> or
<LimitExcept> clause; just the "Require valid-user".

You'd use Limit(Except) in order to impose a read-only and read-write
distinction at the request level, before mod_authz_svn kicks in. Here's
an example, the config I use at $DAYJOB for httpd 2.4.x:

        <RequireAll>
            Require valid-user
            <Limit HEAD GET OPTIONS PROPFIND REPORT>
                <RequireAny>
                    Require ldap-group cn=dev,ou=group,dc=example,dc=com
                    Require ldap-group cn=dev.readonly,ou=group,dc=example,dc=com
                    # More reader groups here  
                </RequireAny>
            </Limit>
            <LimitExcept HEAD GET OPTIONS PROPFIND REPORT>
                <RequireAny>
                    Require ldap-group cn=dev,ou=group,dc=example,dc=com
                    # More writer groups here
                </RequireAny>                   
            </LimitExcept>
        </RequireAll>


I have LDAP authentication set up, and group assignments in LDAP to
distinguish between users with only read access and users with
read/write access. Notice how I use Limit and LimitExcept so that the
list of request methods is the same in both clauses; this makes it easy to
check the config by eye and I only have to remember what the "read
access" methods are. :)


-- Brane
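
An added example, not part of the original message or of the Subversion project's code: a small Python check that reports which request methods no `Require` applies to, and whether the `Limit` and `LimitExcept` method lists have drifted apart. The method list, the contents of the `<LimitExcept MERGE>` block and the group names are assumptions; the check ignores RequireAll/RequireAny logic and treats any `Require` other than `all granted` as a restriction.

```python
import re

# Assumption: methods a Subversion client may send over HTTP/WebDAV.
SVN_METHODS = {"HEAD", "GET", "OPTIONS", "PROPFIND", "REPORT", "PUT", "POST",
               "DELETE", "PROPPATCH", "MKCOL", "MKACTIVITY", "CHECKOUT",
               "MERGE", "COPY", "MOVE", "LOCK", "UNLOCK"}
OPEN = re.compile(r"<(Limit|LimitExcept)\s+([^>]+)>$", re.I)
CLOSE = re.compile(r"</(Limit|LimitExcept)>$", re.I)

def audit(conf):
    """Return (methods with no Require, methods listed in only one clause)."""
    scopes = [set(SVN_METHODS)]  # methods the current nesting level applies to
    covered, listed = set(), {"limit": set(), "limitexcept": set()}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            kind, methods = m.group(1).lower(), set(m.group(2).upper().split())
            listed[kind] |= methods
            # <Limit> narrows to the listed methods, <LimitExcept> to the rest.
            scopes.append(scopes[-1] & methods if kind == "limit" else scopes[-1] - methods)
        elif CLOSE.match(line):
            scopes.pop()
        elif re.match(r"Require\s+(?!\s*all\s+granted)", line, re.I):
            covered |= scopes[-1]
    both = listed["limit"] and listed["limitexcept"]
    drift = listed["limit"] ^ listed["limitexcept"] if both else set()
    return sorted(SVN_METHODS - covered), sorted(drift)

# Constructed samples: the setting from the start of the thread (block body
# assumed), then the shape of the config quoted above (group names made up).
MERGE_EXCLUDED = "<LimitExcept MERGE>\nRequire valid-user\n</LimitExcept>"
SPLIT_RW = """
<RequireAll>
    Require valid-user
    <Limit HEAD GET OPTIONS PROPFIND REPORT>
        Require ldap-group cn=readers,dc=example,dc=com
    </Limit>
    <LimitExcept HEAD GET OPTIONS PROPFIND REPORT>
        Require ldap-group cn=writers,dc=example,dc=com
    </LimitExcept>
</RequireAll>
"""

if __name__ == "__main__":
    print(audit(MERGE_EXCLUDED), audit(SPLIT_RW))
```

With `<LimitExcept MERGE>` the only method left without a `Require` is MERGE, so httpd never asks for credentials on that request.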

