This documentation relates to an earlier version of Crowd.
View this page in the current documentation or visit the current documentation home.
Skip to end of metadata
Comment: Corrected links that should have been relative instead of absolute.
Go to start of metadata
Install the Crowd Apache connector first

To use the Subversion connector, you will need to have the Crowd Apache Connector already installed.

Crowd's Subversion connector allows you to password-protect a Subversion repository and provide fine grained access by group or user.

Prerequisites

Configuring Crowd Authentication for Subversion

If you are using Apache to manage access to a Subversion repository (instructions), and are using Crowd to manage the Subversion authentication, then you can use the same configuration method to delegate user authentication to Crowd.

Example:

Note that Apache will have to be restarted before any changes to its config files will take effect.

Configuring Crowd Authorisation for Subversion

To restrict Subversion repository access to certain groups and/or users, you can add the Apache::CrowdAuthz module and the CrowdAllowedGroups and CrowdAllowedUsers directives (described here).

For more fine-grained access, the CrowdAuthzSVNAccessFile directive is provided. For example:

  PerlAuthzHandler Apache::CrowdAuthz
  PerlSetVar CrowdAuthzSVNAccessFile /etc/apache2/dav_svn.authz

The CrowdAuthzSVNAccessFile setting lets you define a file where you can configure group and user access on a per-directory level.

The format of the file is the same as that used by Subversion's own authorisation module, mod_authz_svn. Here's a small example:

# Everyone has read access to the repository
# (unless modified below).
[/]
* = r

# Members of the bazdevelopers group can
# read and write to the BazWord project
[/BazWord]
@bazdevelopers = rw

# Members of the foodevelopers group can read and write
# to the FooCalc project
[/FooCalc]
@foodevelopers = rw

# Members of foodevelopers can read the branches
# directory but only user juliag (the release manager)
# can write to this path
[/FooCalc/branches]
juliag = rw
@foodevelopers = r

# peterc is a contractor, so he's denied all access to the statistics
# module (which is full of trade secrets).
[/FooCalc/trunk/statistics]
peterc =

Some notes:

  • The format is a series of one or more repository paths (minus the leading URL) followed by one or more group or user directives for each path.
  • You don't have to include every single path. If an exact path match isn't found, the settings for the nearest parent directory are used.
  • A user or group can be set to one of:
    • rw: read and write access.
    • r: read-only access.
    • <blank>: no access.
  • Group names are indicated by a leading '@' character.
  • Lines starting with a '#' are comments.
  • Note that the [groups] section of the file described in the Subversion docs is ignored by Apache::CrowdAuthz as group memberships come from Crowd.
  • Don't prefix the paths in the file with the repository name (e.g. '[calc:/foo]') (see note on SVNParentPath below).
  • If you specify a CrowdAuthzSVNAccessFile as well as one or both of CrowdAllowedGroups and CrowdAllowedUsers, only the CrowdAuthzSVNAccessFile is used for authorisation.
    SVNParentPath Not Supported

    Subversion provides the SVNParentPath directive, which allows multiple repositories in the same directory to use the same URL. The Crowd Apache integration modules do not support the use of SVNParentPath.

    For a detailed description of this file format, see the Subversion documentation.

Related Topics

Crowd 1.2 Documentation