SVN Login using LDAP works, but files inside path not visible


SVN Login using LDAP works, but files inside path not visible

Julian Zielke

Hi,

I'm running an SVN using path-based authentication against our Samba Sernet AD.

So far everything is working fine but now I had to restrict access for a certain group for a specific path.

I've added the necessary lines in our apache2 configuration and reloaded it. Authentication with the new, restricted user is working fine but in my browser as well as in Tortoise I only see the ".." link for jumping up one directory.

Using another user which also has permissions for all directories above, I can see those files inside.

So this might be a lack of permissions but I don't know where.

- Julian

Important Note: The information contained in this e-mail is confidential. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, reproduction, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately. We also would like to inform you that communication via e-mail over the internet is insecure because third parties may have the possibility to access and manipulate e-mails.


Re: SVN Login using LDAP works, but files inside path not visible

Daniel Shahaf-2
Julian Zielke wrote on Fri, May 05, 2017 at 07:08:05 +0000:
> [...] I only see the ".." Link for jumping up one directory.
>
> Using another user which also has permissions for all directories above, I can see those files inside.
>
> So this might be a lack of permissions but I don't know where.

You can use "svnauthz accessof" to debug your authz file.  

Re: SVN Login using LDAP works, but files inside path not visible

Julian Zielke
Well this doesn't help me much because unlike Git, SVN doesn't use file-based repositories but an internal database.
svnauthz accessof only allows file-urls but not repository URLs.

- Julian

-----Original Message-----
From: Daniel Shahaf [mailto:[hidden email]]
Sent: Saturday, May 6, 2017 04:01
To: Julian Zielke <[hidden email]>
Cc: [hidden email]
Subject: Re: SVN Login using LDAP works, but files inside path not visible

Julian Zielke wrote on Fri, May 05, 2017 at 07:08:05 +0000:
> [...] I only see the ".." Link for jumping up one directory.
>
> Using another user which also has permissions for all directories above, I can see those files inside.
>
> So this might be a lack of permissions but I don't know where.

You can use "svnauthz accessof" to debug your authz file.

Re: SVN Login using LDAP works, but files inside path not visible

Daniel Shahaf-2
Julian Zielke wrote on Tue, May 09, 2017 at 08:26:43 +0000:
> Well this doesn't help me much because unlike Git, SVN doesn't use file-based repositories but an internal database.
> svnauthz accessof only allows file-urls but not repository URLs.

The file:// URLs are one way of specifying the path to the authz file.
They're there to support the "storing the authz file as a versioned
file" feature.  If you store the authz file as a normal on-disk file,
just pass its on-disk / OS path for the TARGET argument.

If that doesn't answer your question, then please do clarify it.  What
is your use-case and in what way does svnauthz seem to fall short of it?

Cheers,
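
The check suggested in the reply above, as an added example that is not part of the original thread: it writes a small authz file to disk and queries it with "svnauthz accessof", passing the plain on-disk path as TARGET. The users alice and bob, the group writers, the temporary file name and the use of repo01 as the authz repository name are constructed sample values.

```shell
#!/bin/sh
# Added example: query a constructed authz file with svnauthz (Subversion 1.8+).
# All users, groups and paths below are constructed sample values.

AUTHZ_FILE="${TMPDIR:-/tmp}/authz-example.$$"

write_sample_authz() {
    cat > "$AUTHZ_FILE" <<'EOF'
[groups]
writers = alice

[repo01:/]
@writers = rw

[repo01:/subdir]
@writers = rw
bob = r
EOF
}

# Print the access level (rw, r or no) that USER has on FSPATH in repo01.
# TARGET is the plain on-disk path of the authz file, not a file:// URL.
access_of() {
    svnauthz accessof --username "$1" --repository repo01 --path "$2" "$AUTHZ_FILE"
}

# Succeed only if USER has exactly ACCESS (rw, r or no) on FSPATH.
# svnauthz exits non-zero when the actual access differs, so this suits a CI check.
access_is() {
    svnauthz accessof --username "$1" --repository repo01 --path "$2" \
        --is "$3" "$AUTHZ_FILE" >/dev/null 2>&1
}

write_sample_authz
if command -v svnauthz >/dev/null 2>&1; then
    svnauthz validate "$AUTHZ_FILE"      # syntax check before querying
    for p in / /subdir; do
        printf 'bob   %-8s %s\n' "$p" "$(access_of bob "$p")"
        printf 'alice %-8s %s\n' "$p" "$(access_of alice "$p")"
    done
else
    echo "svnauthz not installed; wrote $AUTHZ_FILE only" >&2
fi
```

In this sample, bob has read access to /subdir but no rule grants him anything on /, so the two queries for bob return different access levels.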

Re: SVN Login using LDAP works, but files inside path not visible

Julian Zielke
Hi,

well we're not using the authz-file but path-based authentication like:

    <Location "/svn/path1/subdir">
        Include conf/ldap_auth_credentials.conf
        AllowOverride None
        SVNPath /disk01/svn/repositories/repo01

        # READ/WRITE
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require ldap-group CN=a_write_group,OU=an_ou,DC=domain,DC=local
        </LimitExcept>

        # READ
        <Limit GET PROPFIND OPTIONS REPORT>
            Require ldap-group CN=a_read_group,OU=an_ou,DC=domain,DC=local
            Require ldap-group CN=a_write_group,OU=an_ou,DC=domain,DC=local
        </Limit>
    </Location>

- Julian

-----Original Message-----
From: Daniel Shahaf [mailto:[hidden email]]
Sent: Tuesday, May 9, 2017 12:48
To: [hidden email]
Subject: Re: SVN Login using LDAP works, but files inside path not visible

Julian Zielke wrote on Tue, May 09, 2017 at 08:26:43 +0000:
> Well this doesn't help me much because unlike Git, SVN doesn't use file-based repositories but an internal database.
> svnauthz accessof only allows file-urls but not repository URLs.

The file:// URLs are one way of specifying the path to the authz file.
They're there to support the "storing the authz file as a versioned file" feature.  If you store the authz file as a normal on-disk file, just pass its on-disk / OS path for the TARGET argument.

If that doesn't answer your question, then please do clarify it.  What is your use-case and in what way does svnauthz seem to fall short of it?

Cheers,