On Feb 20, 2012, at 8:37 AM, Dimitri Maziuk wrote:
> On 2/20/2012 8:10 AM, Jason Miller wrote:
>
>> I was going to suggest this as well. We are nearing 1000 employees
>> we
> keep track of. Some needing access to a specific out of the many
> available SVN repos, some to Trac site 1, others to Trac site 2, etc
> etc... or all of the above. It became clear that in order to get
> permissions _correct_ for so many different scenarios, we needed a
> non-gui, scripted method (Build our own).
>
> ...
>> On top of the SVN and Trac permissions,
>> we
> needed to 'extend' the script to maintain Apache rules to specific
> directories within the multiple available Trac sites (due to externally
> linked document attachments).
>
> Won't apache's require_ldap_group do what you need?
>
> Dima
>
I am not sure I understand, as we are using ldap groups currently:
apache/ssl-vhost.conf:
#####
<Directory /srv/www/ssl/<removed location>>
AuthType Basic
AuthGroupFile /data/svn/authz_generator/apache_groups_acl
AuthName "Doxygen Access"
AuthBasicProvider ldap
AuthLDAPURL "ldap://<removed location>"
AuthzLDAPAuthoritative off
require group testing1
Allow from all
</Directory>
#####
and now the generated apache_groups_acl (generated by our script) file:
testing1:: someuser1 someuser2 someuser3
testing2:: someuser4 someuser5 someuser6
#####
Is there a better way? If so, please share!
Thanks,
Jason Miller
> --
> You received this message because you are subscribed to the Google Groups
> "Trac Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/trac-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en.
