I am trying to migrate a Windows SVN server to Linux.
I have configured Apache to validate against AD for user access, so only AD users can log on.
Now I have to set permissions for repositories with authz files.
When I set permissions with an AD username it works, but with AD groups it doesn't.
The authz file looks like the following:
[test:/]
user1=rw #That works
[test2:/]
@usergroup=rw #No access for the groupmembers
When I create groups inside the authz file and assign AD users, that internal group works fine, but I can't administer groups in 2 locations; there are just too many changes made every day.
Does anyone have an idea how to use AD groups inside authz files?
You could use sync_ldap_groups_to_svn_authz.py
to get AD groups into an authz file. You can get it at Bitbucket.
https://bitbucket.org/whitlockjc/jw-tools/src/e3396390e99bfbc566a4e8423a123abb4c00d655/sync_ldap_groups_to_svn_authz?at=default
Example of usage:
python ./sync_ldap_groups_to_svn_authz.py \
-d "CN=access-TO-AD-user,OU=Users,OU=SiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-l "ldap://adserver.domainname.com:389" \
-b "OU=Groups,OU=SiiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-u "objectClass=person" -g "(&(objectClass=group)(cn=UniqueStringBeforSVN*))" \
-i "sAMAccountName" > ldaptest.txt
"\" marks my line break, because it's easier to read the example like that. Please make sure you write it all on one line!
You can't automatically use AD groups inside the authz files.
A possible solution could be writing a script that queries AD for the groups and their member users and writes the correct authz file, also defining the groups themselves.
The final output should be something like:
[groups]
usergroup = user1, user2, user3
[test:/]
user1 = rw
[test2:/]
@usergroup = rw
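A sketch of the generator step such a script needs, as an added example that is not part of the original answers or of sync_ldap_groups_to_svn_authz.py. The LDAP results are constructed sample data, and the function names, the name policy and the file mode are assumptions made for this illustration.

```python
import os, re, tempfile

# Constructed sample data, shaped like the results of two LDAP searches:
# group DN -> member DNs, and member DN -> sAMAccountName.
SAMPLE_GROUPS = {"CN=usergroup,OU=Groups,DC=example,DC=com": [
    "CN=User One,OU=Users,DC=example,DC=com",
    "CN=User Two,OU=Users,DC=example,DC=com"]}
SAMPLE_ACCOUNTS = {"CN=User One,OU=Users,DC=example,DC=com": "user1",
                   "CN=User Two,OU=Users,DC=example,DC=com": "user2"}
RULES = "[test:/]\nuser1 = rw\n\n[test2:/]\n@usergroup = rw\n"

# Assumed conservative name policy: anything else could inject authz syntax.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")

def group_cn(dn):
    """Return the CN from a DN's first RDN (assumes no escaped commas)."""
    key, _, value = dn.split(",", 1)[0].partition("=")
    if key.strip().upper() != "CN" or not SAFE_NAME.fullmatch(value):
        raise ValueError(f"unusable group name in {dn!r}")
    return value

def render_authz(groups, accounts, rules):
    """Build the authz text; raise rather than emit a partial file."""
    lines, defined = ["[groups]"], set()
    for dn in sorted(groups):
        name = group_cn(dn)
        members = sorted({accounts[m] for m in groups[dn]})  # KeyError if unresolved
        if not all(SAFE_NAME.fullmatch(m) for m in members):
            raise ValueError(f"unsafe member name in group {name!r}")
        lines.append(f"{name} = {', '.join(members)}")
        defined.add(name)
    # Every @group the rules reference must have been fetched from AD.
    for ref in re.findall(r"^@([^\s=]+)", rules, re.M):
        if ref not in defined:
            raise ValueError(f"rules reference undefined group {ref!r}")
    return "\n".join(lines) + "\n\n" + rules

def write_atomically(path, text, mode=0o640):
    """Write beside the target, then rename, so Apache never reads a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.chmod(tmp, mode)  # mkstemp creates 0600; assumed mode for the web server group
    os.replace(tmp, path)

if __name__ == "__main__":
    print(render_authz(SAMPLE_GROUPS, SAMPLE_ACCOUNTS, RULES))
```

If any lookup fails or a name does not pass the policy, the function raises and the previous authz file stays in place.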