[SAC] Complex Subversion Access Rules

Folks,

Projects like GRASS, QGIS and OpenLayers have traditionally not had
"flat access" to their whole Subversion repositories. In the case of
OpenLayers, for instance, I think they have a /sandbox area with much
broader access, and then the rest of the repository only accessible
to core committers.

In the past we only allowed a single LDAP "group" for each repository
and so we were unable to practically offer this service. However, with
help from Chris Schmidt and Howard Butler, I was able to put a mechanism
into place for relatively convenient maintenance of authz files to define
authorization rules for a repository based on LDAP groups.

There is some extra administrative overhead for SAC in setting up these
scenarios, but it isn't bad. And thereafter the projects can administer
the members of the groups themselves. I have documented the approach at:

   http://wiki.osgeo.org/index.php/Subversion#Authz_Rules

Best regards,
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | President OSGeo, http://osgeo.org
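
An added illustration of the layout described above (a /sandbox area with broader access, the rest limited to core committers); it is not code from this message or from the OSGeo wiki. The group names, user names and the simplified access-resolution model are assumptions made for the example.

```python
# Added example: all names and memberships below are constructed.
GROUPS = {  # in the setup described, membership would come from LDAP groups
    "project_core": ["alice", "bob"],
    "project_sandbox": ["alice", "bob", "carol"],
}
RULES = {  # path -> {principal: rights}; "@x" is a group, "*" is everyone
    "/": {"@project_core": "rw", "*": "r"},
    "/sandbox": {"@project_sandbox": "rw", "*": "r"},
}

def render_authz(groups, rules):
    """Render a Subversion authz file: a [groups] section, then one section per path."""
    lines = ["[groups]"]
    for name in sorted(groups):
        lines.append(f"{name} = {', '.join(sorted(groups[name]))}")
    for path in sorted(rules):
        lines += ["", f"[{path}]"]
        lines += [f"{who} = {rights}" for who, rights in rules[path].items()]
    return "\n".join(lines) + "\n"

def effective_access(user, path, groups, rules):
    """Simplified model: the deepest section with an entry matching the user
    decides, and matching entries in that section are combined."""
    parts = [p for p in path.split("/") if p]
    while True:
        section = rules.get("/" + "/".join(parts), {})
        matched = [rights for who, rights in section.items()
                   if who in ("*", user)
                   or (who.startswith("@") and user in groups.get(who[1:], []))]
        if matched:
            return "".join(c for c in "rw" if any(c in r for r in matched))
        if not parts:
            return ""  # no rule applies: no access
        parts.pop()

def unexpected_writers(path, allowed_group, groups, rules):
    """Audit check: users who can write to `path` without being in `allowed_group`."""
    everyone = {u for members in groups.values() for u in members}
    return sorted(u for u in everyone
                  if "w" in effective_access(u, path, groups, rules)
                  and u not in groups[allowed_group])

if __name__ == "__main__":
    print(render_authz(GROUPS, RULES))
    print(unexpected_writers("/trunk", "project_core", GROUPS, RULES))
```

Running the audit against every non-sandbox path after each membership or rule change shows whether the broader sandbox group has gained write access outside /sandbox.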

Frank, Howard, Chris, SAC,

thanks for your extra efforts to make this possible.
As "consumer" of the new service we are happy to
see that it was implemented very quickly.
This enables us to proceed with our migration to the
OSGeo infrastructure.

Best regards
Markus

On Dec 6, 2007 8:09 AM, Frank Warmerdam <warmerdam@pobox.com> wrote:

Folks,

Projects like GRASS, QGIS and OpenLayers have traditionally not had
"flat access" to their whole Subversion repositories. In the case of
OpenLayers, for instance, I think they have a /sandbox area with much
broader access, and then the rest of the repository only accessible
to core committers.

In the past we only allowed a single LDAP "group" for each repository
and so we were unable to practically offer this service. However, with
help from Chris Schmidt and Howard Butler, I was able to put a mechanism
into place for relatively convenient maintenance of authz files to define
authorization rules for a repository based on LDAP groups.

There is some extra administrative overhead for SAC in setting up these
scenarios, but it isn't bad. And thereafter the projects can administer
the members of the groups themselves. I have documented the approach at:

   http://wiki.osgeo.org/index.php/Subversion#Authz_Rules

Best regards,
--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | President OSGeo, http://osgeo.org