使用Linux颠覆AD组? [英] Subversion with AD Groups with Linux?
问题描述
我尝试将Windows SVN服务器迁移到Linux.
我已配置Apache以针对AD进行Useraccess验证,因此只有AD Users可以登录.
现在,我必须为具有authz文件的存储库设置权限.
当我使用AD用户名设置权限时,它可以工作,但AD群组却不能.
I try to migrate a Windows SVN Server to Linux.
I have configured Apache to validate against AD for Useraccess so only AD Users can logon.
Now i have to set permissions for repositories with authz files.
When i set permission with AD username it works, but AD groups it doesn't.
authz文件如下所示:
The authz file looks like the following:
[test:/]
user1=rw #That works
[test2:/]
@usergroup=rw #No access for the groupmembers
当我在authz文件中创建组并分配AD用户时,该内部组可以正常工作,但是我无法在2个位置管理组,因此每天都要做很多更改.
When I create groups inside the authz file and asign AD users, that internal group works fine, but i can't administer groups in 2 locations, there just to much changes made every day.
有人知道如何在authz文件中使用广告组吗?
Has anyone an idea, how to use AD groups inside authz files?
推荐答案
您应该使用sync_ldap_groups_to_svn_authz.py 在authz文件中获取广告组.您可以在bitbucket上获得它.
You culd use sync_ldap_groups_to_svn_authz.py to get AD groups in a authz file. You can get it at bitbucket.
用法示例:
python ./sync_ldap_groups_to_svn_authz.py \
-d "CN=access-TO-AD-user,OU=Users,OU=SiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-l "ldap://adserver.domainname.com:389" \
-b "OU=Groups,OU=SiiteName,OU=Europe,OU=St,DC=domainname,DC=com" \
-u "objectClass=person" -g "(&(objectClass=group)(cn=UniqueStringBeforSVN*))" \
-i "sAMAccountName" > ldaptest.txt
"\"标记了我的行刹车,因为这样的示例更容易阅读,请确保将它们全部写成一行!
"\" is marks my linebrake because it's easier to read the example like that please make shure you write it all in one line!
这篇关于使用Linux颠覆AD组?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!