Anonymous SVN Checkout, but Authenticate Commit
In order to allow public reading/checkout, you need to uncomment the bit between the <LimitExcept>
directive and comment the separate Require valid-user
line above it.
The directive <LimitExcept GET PROPFIND OPTIONS REPORT>
tells the server that everything inside that does not apply to any GET
, PROPFIND
, OPTIONS
or REPORT
request to the repository, which are used for checking out/reading the repo. In other words, if you would put this bit of code in your Apache configuration, it would only require a valid user for anything else than the mentioned methods (e.g. it would require a valid user if a PUT
request is made to commit):
<LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user</LimitExcept>
In your case, it should probably look something like this (I just slightly modified your posted config, assuming that is correct besides the forced login issue (I have no LDAP server to test it with). Note to replace example.com
in your AuthLDAPURL
to the real server host):
<Location /repos> DAV svn # Directory containing all repository for this path SVNParentPath /srv/svn/repositories # List repositories colleciton SVNListParentPath On # Enable WebDAV automatic versioning SVNAutoversioning On # Repository Display Name SVNReposName "RepositoryName" # Do basic password authentication in the clear AuthType Basic # The name of the protected area or "realm" AuthName "RepositoryName" # Make LDAP the authentication mechanism AuthBasicProvider ldap # Make LDAP authentication is final AuthzLDAPAuthoritative off # Active Directory requires an authenticating DN to access records #AuthLDAPBindDN "ou=people,o=example,dc=com" # The LDAP query URL AuthLDAPURL "ldap://example.com:389/DC=com,DC=example,ou=people?uid(objectClass=*)" NONE # Authorization file AuthzSVNAccessFile /subversion/apache2/auth/repos.acl # Limit write permission to list of valid users. <LimitExcept GET PROPFIND OPTIONS REPORT> SSLRequireSSL Require valid-user </LimitExcept></Location>
As long as you put the Require valid-user
inside the LimitExcept
, everything should work just as you want it to. You can put the rest of the authentication configuration anywhere between the Location
directive.
Ok. I got the first part done.
With reference from 6. Access control lists
section here, I added the read-only access in the AuthzSVNAccessFile
file.
# Authorization fileAuthzSVNAccessFile /srv/svn/repos.acl
Contents of /srv/svn/repos.acl
file
[/]* = r
Now, all my repositories will be anonymously accessible. Now the commit part is remaining.
Now I get the following message when I commit.
Commit failed (details follow):Server sent unexpected return value (500 Internal Server Error) in response to MKACTIVITY request for '/repos/project1/!svn/act/783d45f7-ae05-134d-acb0-f36c007af59d'
Every Subversion server that I've seen:
- Allows anonymous checkout with no commit.
- Requires authenticated checkout and allows commit.
I believe that the Subversion commit process has to be.
- Receive authentication credentials.
- Checkout code with authentication.
- Reapply changes.
- Commit changes.