We face currently the problem to allow people access to parts of a subversion repository (1.5.x, soon 1.6.x), that is secure in other parts. Let me give you some details:
- We have a production server where a lot of projects have their own subversion repository.
- For each of the projects, there exists a section in our Apache config that looks like that:
DAV svn
SVNPath /export/subversion/PROJ1
SVNAutoversioning on
#Authentication
AuthType Basic
AuthName "Subversion PROJ1"
AuthBasicProvider ldap
AuthLDAPBindDN ""
AuthLDAPBindPassword 'xxxxx'
AuthLDAPURL "ldap://?sAMAccountName?sub?(objectClass=*)"
Require valid-user
#Authorization
AuthzSVNAccessFile /etc/subversion/projects/PROJ1/authUsers
(does anyone know why the Location-block does not show up? If you know, please edit it correctly)
- We want that
- All people may read documents stored in a special public directory without giving their user ID and password.
- Everyone that tries to read something in a different directory will have to login to read that document.
Currently we have to copy the documents we want to share in a special subversion repository that is not secured, so that the people can read there. But we loose the possibilities of subversion, eg. the history of the files.
Is there any way we can reach such a setup: Apache web server, one subversion repository, some parts accessible to everyone without login, most parts secured by base login.
My buddy wrote an entry on this exact thing a while back:
https://digital.ai/catalyst-blog/authz-and-anon-authn-agony
He has a few suggestions in there about how you might handle this, although I'm not guaranteeing you'll agree with the options.