Crowd 1.4 : Integrating Crowd with Subversion
This page last changed on May 05, 2008 by smaddox.
Crowd's Subversion connector allows you to password-protect a Subversion repository and provide fine grained access by group or user. PrerequisitesConfiguring Crowd Authentication for SubversionIf you are using Apache to manage access to a Subversion repository (instructions), and are using Crowd to manage the Subversion authentication, then you can use the same configuration method to delegate user authentication to Crowd. Example: <Location /svn> # Uncomment this to enable the repository, DAV svn # Set this to the path to your repository SVNPath /var/lib/svn AuthName crowd AuthType Basic PerlAuthenHandler Apache::CrowdAuth PerlSetVar CrowdAppName subversion PerlSetVar CrowdAppPassword svn PerlSetVar CrowdSOAPURL http://localhost:8095/crowd/services/SecurityServer require valid-user # The following three lines allow anonymous read, but make # committers authenticate themselves. <LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user </LimitExcept> </Location> Note that Apache will have to be restarted before any changes to its config files will take effect. Configuring Crowd Authorisation for SubversionTo restrict Subversion repository access to certain groups and/or users, you can add the Apache::CrowdAuthz module and the CrowdAllowedGroups and CrowdAllowedUsers directives (described here). For more fine-grained access, the CrowdAuthzSVNAccessFile directive is provided. For example: PerlAuthzHandler Apache::CrowdAuthz PerlSetVar CrowdAuthzSVNAccessFile /etc/apache2/dav_svn.authz The CrowdAuthzSVNAccessFile setting lets you define a file where you can configure group and user access on a per-directory level. The format of the file is the same as that used by Subversion's own authorisation module, mod_authz_svn. Here's a small example: # Everyone has read access to the repository # (unless modified below). [/] * = r # Members of the bazdevelopers group can # read and write to the BazWord project [/BazWord] @bazdevelopers = rw # Members of the foodevelopers group can read and write # to the FooCalc project [/FooCalc] @foodevelopers = rw # Members of foodevelopers can read the branches # directory but only user juliag (the release manager) # can write to this path [/FooCalc/branches] juliag = rw @foodevelopers = r # peterc is a contractor, so he's denied all access to the statistics # module (which is full of trade secrets). [/FooCalc/trunk/statistics] peterc = Some notes:
RELATED TOPICS
![]() ![]() ![]() |
![]() |
Document generated by Confluence on May 08, 2008 19:36 |