Subversion with AD groups with Linux?
I am trying to port Windows SVN Server to Linux.
I have configured Apache to check against AD for user access, so only AD users can log in.
Now I need to set permissions for repositories with authz files.
When I set permissions with an AD username it works, but with AD groups it doesn't.
The authz file looks like this:
[test:/]
user1=rw #That works
[test2:/]
@usergroup=rw #No access for the groupmembers
When I create groups inside the authz file and assign AD users to them, this internal group works fine, but I can't administer groups in two places; there are just too many changes made every day.
Does anyone have an idea how to use AD groups inside authz files?
You can use the sync_ldap_groups_to_svn_authz.py script to get AD groups into authz. You can get it on Bitbucket.
Usage example:
python ./sync_ldap_groups_to_svn_authz.py \
-d "CN=access-TO-AD-user,OU=Users,OU=SiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-l "ldap://adserver.domainname.com:389" \
-b "OU=Groups,OU=SiiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-u "objectClass=person" -g "(&(objectClass=group)(cn=UniqueStringBeforSVN*))" \
-i "sAMAccountName" > ldaptest.txt
The "\" is my line-continuation symbol, used to make the example easier to read; in practice, write it all on one line!
You cannot automatically use AD groups inside authz files.
A possible solution would be to write a script that queries AD for groups and their member users and writes the correct authz file defining the groups themselves as well.
The final output should be something like this:
[groups]
usergroup = user1, user2, user3
[test:/]
user1 = rw
[test2:/]
@usergroup = rw
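One way to write the script this answer describes, as an added example (not code from the answer or from sync_ldap_groups_to_svn_authz.py): it takes user and group records already fetched from AD, expands nested groups, and renders the [groups] section ahead of hand-written path rules. The sample records, the `SAFE_NAME` naming policy and all function names are assumptions; the LDAP query itself is left out so the block runs offline.

```python
import re

SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")  # assumed policy: no newline, '[', '=', ','

def safe(name):
    """Reject directory values that could inject sections or rules into authz."""
    if not SAFE_NAME.fullmatch(name):   # fullmatch: '$' would accept a trailing newline
        raise ValueError(f"unsafe name from directory: {name!r}")
    return name

def flatten(group_dn, users, groups, seen=None):
    """Return the login names in a group, expanding nested groups (cycle-safe)."""
    seen = set() if seen is None else seen
    if group_dn in seen:              # already expanded: membership loop or diamond
        return set()
    seen.add(group_dn)
    logins = set()
    for dn in groups[group_dn][1]:
        if dn in users:
            logins.add(safe(users[dn]))
        elif dn in groups:
            logins |= flatten(dn, users, groups, seen)
    return logins                     # member DNs outside the search result are skipped

def render_authz(users, groups, rules):
    """Generated [groups] section followed by the hand-maintained path rules."""
    lines = ["[groups]"]
    for dn in sorted(groups, key=lambda d: groups[d][0]):
        members = sorted(flatten(dn, users, groups))
        lines.append(f"{safe(groups[dn][0])} = {', '.join(members)}")
    return "\n".join(lines) + "\n\n" + rules

# Constructed sample data shaped like LDAP results (not real directory output):
# user DN -> sAMAccountName, group DN -> (cn, member DNs).
BASE = "DC=example,DC=com"
USERS = {f"CN=User {n},OU=Users,{BASE}": f"user{n}" for n in (1, 2, 3)}
GROUPS = {
    f"CN=usergroup,OU=Groups,{BASE}": ("usergroup", [
        f"CN=User 1,OU=Users,{BASE}", f"CN=devs,OU=Groups,{BASE}"]),
    f"CN=devs,OU=Groups,{BASE}": ("devs", [
        f"CN=User 2,OU=Users,{BASE}", f"CN=User 3,OU=Users,{BASE}"]),
}
RULES = "[test:/]\nuser1 = rw\n\n[test2:/]\n@usergroup = rw\n"

if __name__ == "__main__":
    print(render_authz(USERS, GROUPS, RULES))
```

Write the result to a temporary file and rename it over the live authz file, so Apache never reads a half-written policy.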