We have numerous subversion servers in our organization, specifically
so that we can have different access controls for each repo.
I'm trying to figure out if the way I'm thinking of deploying
ReviewBoard even makes sense, and if it does, I've got some questions.
Specifically, we want to make sure that the people allowed to access a
given repository in any way is just as restricted in reviewboard as it
is in Subversion. For Subversion, each repository has a list of owners,
and we generate the access control list for svn from those files.
For ReviewBoard, I'm planning to have a reviewboard configuration for
each Subversion repository (a separate database, primarily), and
different subsets of Apache configuration for each repository. Each
reviewboard configuration needs to authenticate against LDAP, and
prepopulate the list of users allowed for that review instance.
Does this make sense? Is there a better way?
It looks like, to prepopulate users, I can write a script that will
update the tables in MySQL. Is this a safe assumption?
How can I prevent people who have valid Active Directory credentials
from logging in? It looks like the LDAP support in backends.py will
automatically add users, but that's not what I want. Looks like the way
to prevent that is to patch the LDAP auth already there so that it
doesn't automatically create users. Is there some other way? Should I
submit an enhancement to disallow automatic creation of accounts?
Thanks for any help/direction you can offer.
Want to help the Review Board project? Donate today at
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to
For more options, visit this group at