views:

232

answers:

1

I have a subversion server running with apache. It authenticates users using LDAP in apache configuration and uses SVN authorizations to limit user access to certain repositories. This works perfectly.

Apache

DAV svn
SVNParentPath /srv/svn
SVNListParentPath Off
SVNPathAuthz Off
AuthType Basic
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthLDAPBindDN        # private stuff
AuthLDAPBindPassword  # private stuff
AuthLDAPURL           # private stuff
Require valid-user
AuthzSVNAccessFile /etc/apache2/dav_svn.authz

Subversion

[groups]
soft = me, and, all, other, developpers

Adding anonymous access from one machine

Now, I have a service I want to setup (rietveld, for code reviews) that needs to have an anonymous access to the repository. As this is a web service, accesses are always done from the same server. Thus I added apache configuration to allow all accesses from this machine. This did not work until I add an additional line in the authorization file to allow read access to all users.

Apache

<Limit GET PROPFIND OPTIONS REPORT>
  Order allow,deny
  Allow from # private IP address
  Satisfy Any
</Limit>

Subversion

[Software:/]
@soft = rw
* = r                    # <-- This is the added line

For instance, before I add the authorization from a specific IP, all users were authenticated, and thus had a name. Now, some accesses are done without a user name! I found the - user name in the apache log files, but the line - = r does not work, neither do anonymous = r. I'd like not to allow read access to everyone in SVN authorization. How can I do this?

+1  A: 

Try putting this in your authz file:

[Software:/]
@soft = rw
$anonymous=r
user9876