No announcement yet.

how to use 2 groups in ldap authentication

  • Filter
  • Time
  • Show
Clear All
new posts

  • how to use 2 groups in ldap authentication

    is it possible to use 2 groups for ldap authentication.
    we have a main ldap group for all the developers, we just have this main developer group list in the LDAP base DN.
    but in another department, they also have some developers. they also want to use svn.
    How do you all normally handle this situation?

  • #2
    In general, if you want solid AuthZ for your Subversion access then you should use the Path Based AuthZ ([url][/url]). You can choose to do the AuthZ for entire repositories or use sub-repository constructs.

    Honestly, it doesn't take much scripting to use ldapsearch to query your LDAP server for those accounts that are members of those 2 groups and then generate a proper AuthZ file for your repository.

    I've seen people muck with Apache's AuthN using LDAP groups and that never really works out correctly - mostly due to their being 2 different Subversion protocols and they end up using different WebDav requests. Don't go that route.