codepot/codepot/etc/codepot.a2ldap.in
hyung-hwan d5c9aa6f6d added a public field to a project.
added a new mod_perl handler for simpler access control
2014-05-15 16:17:21 +00:00

81 lines
2.2 KiB
Plaintext

#
# This file contains sample configuration to enable LDAP authentication
# for subversion webdav access. The actual configuration can be more
# complex than this file depending on your requirement.
#
<Location "/svn">
DAV svn
SVNParentPath "@DEPOTDIR@/svnrepo"
#SVNListParentPath on
Order deny,allow
#Deny from all
#Satisfy any
# Uncomment SSLRequireSSL below to disallow non-SSL access.
# Note that SSL must be enabled site-wide to use it.
# SSLRequireSSL
AuthType Basic
AuthName "@PACKAGE@"
#
# configure authentication below
#
#
# Apache version 2.1 or later
# mod_authnz_ldap
#
AuthBasicProvider ldap
# prevent other authenticatication moudles from authenticating users
# if this one fails. Set it to 'off' for 'require valid-user' as it
# is handled by mod_authz_user.
AuthzLDAPAuthoritative on
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
AuthLDAPRemoteUserIsDN off
# ldap binding information
AuthLDAPURL ldap://127.0.0.1:389/ou=users,dc=sample,dc=net?uid
AuthLDAPBindDN cn=admin,dc=sample,dc=net
AuthLDAPBindPassword xxxxxxx
#Require ldap-group cn=users,ou=groups,dc=sample,dc=net
# Enable find-grained access control using the access file.
# The specified file must be located under the repository/conf subdirectory.
# AuthzSVNRespsRelativeAccessFile requried subversion 1.7 or later.
# If you're using a older version, there are no automatic repostory
# protection according to the project type (public/private)
# You may have to use AuthzSVNAccessFile for manual control globally
# in such a case.
# AuthzSVNReposRelativeAccessFile access.conf
# Satisfy All
# allow anynymous/guest for viewing and checking out
<Limit GET HEAD OPTIONS REPORT PROPFIND>
# Use 'Allow from all' to allow anonymous access.
#Allow from all
# 'Required valid-user' is more strict in that it requires a valid
# user name and password. You may create a guest account to supplement
# anonymous access.
Require valid-user
</Limit>
# require authentication for other operations
<LimitExcept GET HEAD OPTIONS REPORT PROPFIND>
Require ldap-group cn=coders,ou=groups,dc=sample,dc=net
</LimitExcept>
#
# Apache version 2.0.41
# mod_auth_ldap
#
</Location>