[svnbook commit] r3183 - trunk/src/en/book

cmpilato noreply at red-bean.com
Mon Jun 30 13:55:09 CDT 2008


Author: cmpilato
Date: Mon Jun 30 13:55:08 2008
New Revision: 3183

Log:
* src/en/book/ch06-server-configuration.xml
  Finish Trac ticket #124: Document the authz-file aliases feature.  


Modified:
   trunk/src/en/book/ch06-server-configuration.xml

Modified: trunk/src/en/book/ch06-server-configuration.xml
==============================================================================
--- trunk/src/en/book/ch06-server-configuration.xml	(original)
+++ trunk/src/en/book/ch06-server-configuration.xml	Mon Jun 30 13:55:08 2008
@@ -3127,6 +3127,49 @@
 everyone = @calc-developers, @paint-developers
 </screen>
 
+    <para>Subversion 1.5 brings another useful feature to the access
+      file syntax:  username aliases.  Some authentication systems
+      expect and carry relatively short usernames of the sorts we've
+      been describing here—<literal>harry</literal>,
+      <literal>sally</literal>, <literal>joe</literal>, etc.  But
+      other authentication systems—such as those which use LDAP
+      stores or client certificates—may carry much more complex
+      usernames.  For example, Harry's username in an LDAP-protected
+      system might be <literal>/O=Red
+      Bean/OU=Engineers/DC=com/DC=red-bean/CN=Harold Hacker</literal>.
+      With usernames like that, the access file can become quite
+      bloated with long or obscure usernames that are easy to mistype.
+      Fortunately, username aliases allow you to only have to type the
+      correct complex username once, in a statement which assigns to
+      it a more easily digestable alias.</para>
+
+    <screen>
+[aliases]
+harry = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Harold Hacker
+sally = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Sally Swatterbug
+joe   = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Gerald I. Joseph
+…
+</screen>
+
+    <para>Once you've defined a set of aliases, you can refer to the
+      users elsewhere in the access file via their aliases in all the
+      same places you could have instead used their actual usernames.
+      Simply prepend an ampersand to the alias to distinguish it from
+      a regular username:</para>
+
+    <screen>
+[groups]
+calc-developers = &harry, &sally, &joe
+paint-developers = &frank, &sally, &jane
+everyone = @calc-developers, @paint-developers
+</screen>
+
+    <para>You might also choose to use aliases if your users'
+      usernames change frequently.  Doing so allows you to need to
+      update only the aliases table when these username changes occur,
+      instead of doing global-search-and-replace operations on the
+      whole access file.</para>
+
   <!-- TODO(sussman):  this sidebar needs to be changed for svn 1.5,
   making it clear that it's a neon behavior, and ??probably?? not the
   case when using serf... -->




More information about the svnbook-dev mailing list