Apache authenticate group matching subdirectory

Two thoughts:

  • Is svn update stopping to ask for a password? Commit hooks are non-interactive, so if svn update asks for a password, there will be no way to enter it. Try doing svn update --username xxxx --password xxxx --non-interactive (substituting as appropriate).

  • Try redirecting the output of svn update to a file so you can see what it is doing (e.g. svn update > my.debug.file.log); then, if that doesn't shed any light, post it here to see whether anyone can give more information.

Note also that the SVN FAQ has a section on this here: http://subversion.apache.org/faq.html#website-auto-update... note the discussion there about directory permissions on the target.

1
asked 17 October 2011 at 00:04
1 answer

After further investigation, I found the solution in the form of SVN Access control.

Using authz_svn_module, my Subversion directory in the Apache configuration looks like:

<Location /svn>
  # Tell apache this is a subversion repository
  DAV svn
  # Where the subversion repository list exists on the file system
  SVNParentPath "/var/svn"
  # What kind of authentication
  AuthType Basic
  AuthName "Restricted!"
  AuthBasicProvider ldap
  AuthLDAPBindDN "YOUR BIND DN"
  AuthLDAPBindPassword "YOUR BIND PASSWORD"
  AuthLDAPURL "ldaps://yourldapserver.com:636/other_info"
  AuthzSVNAccessFile /etc/httpd/svnaccess.txt
  Require valid-user
</Location>

Pretty basic - the important line here is the AuthzSVNAccessFile - this points to the file that will be generated automatically and hold which users have permission to which directories.

This "svnaccess.txt" file would look something like this:

[project1:/]
joe_user = rw
mary_beth = rw
$anonymous = r

[project2:/]
james_smith = rw

[project3:/]
john_deere = rw
$anonymous = r

The usernames listed here are the usernames authenticated by LDAP. They do not need to be registered by Subversion (they're carried with the user upon authentication). The $anonymous is a wild-card: anyone that is not authenticated, or that may satisfy another Allow directive in your Apache configuration. This file should only be readable by root (or whoever starts the Apache service).

The creation of this file can be automatically generated - depending on where your information is coming from. In my case, I have a Redmine server that holds information about users and projects, and which user has access to which project. A short Python script can be written to extract that information from the database and used to generate this file automatically (if used as a cron job). It's a round-about way of doing things, but after you get it working and automated, you don't have to worry about rewriting authentication rules again for each new project/subversion repository created.

(And on the plus side, changes to this "svnaccess.txt" file don't require an Apache restart!)

1
answered 4 December 2019 at 01:22
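
The answer above mentions generating svnaccess.txt from a script run by cron. What follows is an added example, not the answer author's script: it renders the file from an in-memory mapping (constructed sample data standing in for the Redmine query, whose schema the page does not give), rejects names that could inject extra sections or rules, and replaces the file atomically with owner-only permissions. The function names and the allow-list pattern are assumptions.

```python
import os
import re
import tempfile

# Constructed sample data standing in for what a Redmine query would return:
# repository name -> {username: access}, where access is "r" or "rw".
SAMPLE_MEMBERSHIPS = {
    "project1": {"joe_user": "rw", "mary_beth": "rw", "$anonymous": "r"},
    "project2": {"james_smith": "rw"},
}

# Conservative allow-list (an assumption): names taken from the database must
# not be able to inject "[", "]", "=", "@", "*" or newlines into the file.
_SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")
_ACCESS = {"r", "rw"}


def render_authz(memberships):
    """Return authz file text with one [repo:/] section per repository."""
    sections = []
    for repo in sorted(memberships):
        if not _SAFE_NAME.fullmatch(repo):
            raise ValueError(f"unsafe repository name: {repo!r}")
        lines = [f"[{repo}:/]"]
        for user, access in sorted(memberships[repo].items()):
            if user != "$anonymous" and not _SAFE_NAME.fullmatch(user):
                raise ValueError(f"unsafe user name: {user!r}")
            if access not in _ACCESS:
                raise ValueError(f"unsupported access {access!r} for {user!r}")
            lines.append(f"{user} = {access}")
        sections.append("\n".join(lines))
    return "\n\n".join(sections) + "\n"


def write_authz(path, text):
    """Write via a temp file and rename, so readers never see a partial file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".svnaccess.")
    try:
        with os.fdopen(fd, "w") as handle:  # mkstemp creates the file mode 0600
            handle.write(text)
        os.replace(tmp, path)  # atomic on POSIX within one filesystem
    except BaseException:
        os.unlink(tmp)
        raise
```

The file ends up owned by whichever account runs the job, so schedule it under the account that is meant to read svnaccess.txt.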
