0

We currently have a Subversion repository defined using a svn_auth_file for authorization. I would like to change this to use our LDAP server (a Windows Active Directory server). This way, users can use their Windows passwords and get access to the repository if they're in the right group.

I'd like to test this by creating a second definition to the same repository. The first <location> is what is currently there. The second <location> is what I would like to add.

Note that http://svn.vegicorp.com/svn/development and http://svn.vegicorp.com/dev point to the same repository. The first uses a svn_auth_file and the second one uses a LDAP server.

My question is there any harm in this setup. Will having different people accessing the repository in two different ways do any harm?

User csvn
Group csvn

<Location /svn>
  DAV svn
  SVNParentPath /mnt/svn/repositories
  AuthzSVNAccessFile /etc/opt/CollabNet_Subversion/conf/svn_access_file
  # Satisfy Any
  Require valid-user
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /etc/opt/CollabNet_Subversion/conf/svn_auth_file


<location /dev>
   DAV svn
   SVNPath /mnt/svn/repositories/development
   AuthType basic
   AuthName "Subversion repository"
   AuthBasicProvider ldap
   AuthzLDAPAuthoritative off
   AuthLDAPURL "ldap://nycd01.vegicorp.com:389/dc=vegicorp,dc=com?sAMAccountName" NONE
   AuthLDAPBindDN "CN=svnuser,OU=Users,OU=Accounts,DC=vegicorp,DC=com"
   AuthLDAPBindPassword "swordfish"
   Require ldap-group CN=Development,OU=Groups,DC=vegicorp,DC=com
</location>
David W.
  • 391
  • 3
  • 5
  • 15

1 Answers1

0

Because LDAP is single authz method in /dev location, I suppose AuthzLDAPAuthoritative on will be more correct

http://svn.vegicorp.com/svn/development and http://svn.vegicorp.com/dev are different and independent resources, different repositories (formally) with different user-sets. They can be used in parallel easy

Lazy Badger
  • 3,137
  • 15
  • 13
  • Yes, they are different resources according to Apache, but they refer to the same physical repository. What if two people commit a the same, and each on a different base URL. Will that mess up the repository? If won't cause any problems, I'm happy. – David W. Aug 15 '13 at 14:20
  • @DavidW. - two people can commit at the same time even in the same repo - commits in SVN are **atomic transactions**. And, because commits share common content, second (it timeline) commit will be blocked in case of intersected changes: "update before commit" – Lazy Badger Aug 15 '13 at 15:14
  • I know that two people cannot commit at the same time to the *same repo*, but you said they're "_different repositories (formally)_". Does that mean two people can commit to at the same time, or is there some internal mechanism in the repository itself that makes it impossible? – David W. Aug 15 '13 at 15:21
  • @DavidW. - two locations work with **single physical repository** (changes made in one location are immediately visible in second), thus - common rule will play here also – Lazy Badger Aug 15 '13 at 16:58