Documentation for Crowd 1.4. Documentation for other versions of Crowd is available too.

Install the Crowd Apache connector first

To use the Subversion connector, you will need to have the Crowd Apache Connector already installed.

Crowd's Subversion connector allows you to password-protect a Subversion repository and provide fine grained access by group or user.

Prerequisites

Configuring Crowd Authentication for Subversion

If you are using Apache to manage access to a Subversion repository (instructions), and are using Crowd to manage the Subversion authentication, then you can use the same configuration method to delegate user authentication to Crowd.

例: 

<Location /svn>

 # Uncomment this to enable the repository,
 DAV svn

 # Set this to the path to your repository
 SVNPath /var/lib/svn

 AuthName crowd
 AuthType Basic

 PerlAuthenHandler Apache::CrowdAuth
 PerlSetVar CrowdAppName subversion
 PerlSetVar CrowdAppPassword svn
 PerlSetVar CrowdSOAPURL http://localhost:8095/crowd/services/SecurityServer

 require valid-user

 # The following three lines allow anonymous read, but make
 # committers authenticate themselves.
 <LimitExcept GET PROPFIND OPTIONS REPORT>
 Require valid-user
 </LimitExcept>

</Location>

Note that Apache will have to be restarted before any changes to its config files will take effect.

Configuring Crowd Authorisation for Subversion

To restrict Subversion repository access to certain groups and/or users, you can add the Apache::CrowdAuthz module and the CrowdAllowedGroups and CrowdAllowedUsers directives (described here).

For more fine-grained access, the CrowdAuthzSVNAccessFile directive is provided. Add the following lines (modifying the file location to fit your configuration) to the example above to enable CrowdAuthzSVNAccessFile directive.

  PerlAuthzHandler Apache::CrowdAuthz
  PerlSetVar CrowdAuthzSVNAccessFile /etc/apache2/dav_svn.authz

The CrowdAuthzSVNAccessFile setting lets you define a file where you can configure group and user access on a per-directory level.

The format of the file is the same as that used by Subversion's own authorisation module, mod_authz_svn. Here's a small example:

# Everyone has read access to the repository
# (unless modified below).
[/]
* = r

# Members of the bazdevelopers group can
# read and write to the BazWord project
[/BazWord]
@bazdevelopers = rw

# Members of the foodevelopers group can read and write
# to the FooCalc project
[/FooCalc]
@foodevelopers = rw

# Members of foodevelopers can read the branches
# directory but only user juliag (the release manager)
# can write to this path
[/FooCalc/branches]
juliag = rw
@foodevelopers = r

# peterc is a contractor, so he's denied all access to the statistics
# module (which is full of trade secrets).
[/FooCalc/trunk/statistics]
peterc =

Some notes:

  • The format is a series of one or more repository paths (minus the leading URL) followed by one or more group or user directives for each path.
  • You don't have to include every single path. If an exact path match isn't found, the settings for the nearest parent directory are used.
  • A user or group can be set to one of:
    • rw: read and write access.
    • r: read-only access.
    • <blank>: no access.
  • Group names are indicated by a leading '@' character.
  • Lines starting with a '#' are comments.
  • Note that the [groups] section of the file described in the Subversion docs is ignored by Apache::CrowdAuthz as group memberships come from Crowd.
  • Don't prefix the paths in the file with the repository name (e.g. '[calc:/foo]') (see note on SVNParentPath below).
  • If you specify a CrowdAuthzSVNAccessFile as well as one or both of CrowdAllowedGroups and CrowdAllowedUsers, only the CrowdAuthzSVNAccessFile is used for authorisation.

    SVNParentPath Not Supported

    Subversion provides the SVNParentPath directive, which allows multiple repositories in the same directory to use the same URL. The Crowd Apache integration modules do not support the use of SVNParentPath.

    For a detailed description of this file format, see the Subversion documentation.
関連トピック

Crowd Documentation





Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.