I try to migrate a Windows SVN Server to Linux.
I have configured Apache to validate against AD for Useraccess so only AD Users can logon.
Now i have to set permissions for repositories with authz files.
When i set permission with AD username it works, but AD groups it doesn't.
我尝试将Windows SVN服务器迁移到Linux。我已将Apache配置为针对Useraccess的AD进行验证,因此只有AD用户才能登录。现在我必须使用authz文件设置存储库的权限。当我使用AD用户名设置权限时,它可以正常工作,但AD组却没有。
The authz file looks like the following:
authz文件如下所示:
[test:/]
user1=rw #That works
[test2:/]
@usergroup=rw #No access for the groupmembers
When I create groups inside the authz file and asign AD users, that internal group works fine, but i can't administer groups in 2 locations, there just to much changes made every day.
当我在authz文件中创建组并为AD用户设置时,该内部组工作正常,但我不能在2个位置管理组,每天只进行很多更改。
Has anyone an idea, how to use AD groups inside authz files?
有谁有想法,如何在authz文件中使用AD组?
2 个解决方案
#1
4
You culd use sync_ldap_groups_to_svn_authz.py to get AD groups in a authz file. You can get it at bitbucket.
您需要使用sync_ldap_groups_to_svn_authz.py来获取authz文件中的AD组。你可以在bitbucket得到它。
Example of usage:
用法示例:
python ./sync_ldap_groups_to_svn_authz.py \
-d "CN=access-TO-AD-user,OU=Users,OU=SiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-l "ldap://adserver.domainname.com:389" \
-b "OU=Groups,OU=SiiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-u "objectClass=person" -g "(&(objectClass=group)(cn=UniqueStringBeforSVN*))" \
-i "sAMAccountName" > ldaptest.txt
"\" is marks my linebrake because it's easier to read the example like that please make shure you write it all in one line!
“\”标志着我的线条制动器,因为它更容易阅读这样的例子,请确保你把它全部写在一行!
#2
2
You can't automatically use AD groups inside the authz files.
您无法在authz文件中自动使用AD组。
A possibile solution could be writing a script that query the AD for the groups and their member users and writes the correct authz file, defining also the groups themselves.
一个可能的解决方案是编写一个脚本,为组及其成员用户查询AD,并写入正确的authz文件,同时定义组本身。
The final output shuold be something like:
最终的输出结果如下:
[groups]
usergroup = user1, user2, user3
[test:/]
user1 = rw
[test2:/]
usergroup = rw
#1
4
You culd use sync_ldap_groups_to_svn_authz.py to get AD groups in a authz file. You can get it at bitbucket.
您需要使用sync_ldap_groups_to_svn_authz.py来获取authz文件中的AD组。你可以在bitbucket得到它。
Example of usage:
用法示例:
python ./sync_ldap_groups_to_svn_authz.py \
-d "CN=access-TO-AD-user,OU=Users,OU=SiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-l "ldap://adserver.domainname.com:389" \
-b "OU=Groups,OU=SiiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-u "objectClass=person" -g "(&(objectClass=group)(cn=UniqueStringBeforSVN*))" \
-i "sAMAccountName" > ldaptest.txt
"\" is marks my linebrake because it's easier to read the example like that please make shure you write it all in one line!
“\”标志着我的线条制动器,因为它更容易阅读这样的例子,请确保你把它全部写在一行!
#2
2
You can't automatically use AD groups inside the authz files.
您无法在authz文件中自动使用AD组。
A possibile solution could be writing a script that query the AD for the groups and their member users and writes the correct authz file, defining also the groups themselves.
一个可能的解决方案是编写一个脚本,为组及其成员用户查询AD,并写入正确的authz文件,同时定义组本身。
The final output shuold be something like:
最终的输出结果如下:
[groups]
usergroup = user1, user2, user3
[test:/]
user1 = rw
[test2:/]
usergroup = rw