SVN configuration for groups and path-based authorization (groups + authz)


I am trying to configure my Subversion repositories to use a global groups file (coming from the output of LDAP Groups to Subversion Authz Groups Bridge script) in conjuction with the use of a per-repository authz file. For the moment I use svnserve, so my configuration file is svnserve.conf.
I would use the "groups-db" option but the svnserve.conf manual doesn't even list it, and there are very few web pages talking about it. Not really better for the AuthzSVNGroupsFile option within Apache. Since I find no ressource that addresses the issue, I am trying to get help from the community.

The problem:
Alone, the "groups-db" and the "authz-db" work perfectly well. But as soon as I enable both at the same time, I have an error from my SVN client: Invalid authz configuration.
Here is an extract from my configuration file:

authz-db = authz
groups-db = ^/../groups_test.txt

Access rights on the files are defined so that svnserve can read them.
Even more weird: the problem exists even if the files are both empty!

From a mail archive of the SVN devs list I can read:

When the 'AuthzSVNGroupsFile' option is used, it is prohibited to define
groups in the authz files.

OK but my files are empty for the moment 🙂

The question:
Is it possible to use both files on a single repository? I suppose yes, but I can't get it to work.

Best Answer

I have found the problem by myself, sorry for having posted the question publicly. Hope it will help others.

I have missunderstood the use of the "repository relative path" prefix (^/). This means "inside the repository, at the root directory" (like svn://myserver/myrepo/). I was trying to use it as a shortcut to my repository files on the server (/var/svn/myrepo), but the corresponding file did not exist on the repo. Everything is working like a charm now, with the following config:

authz-db = authz
groups-db = /var/svn/authz_groups_ldap.conf
Related Topic