[svnbook commit] r3183 - trunk/src/en/book
cmpilato
noreply at red-bean.com
Mon Jun 30 13:55:09 CDT 2008
Author: cmpilato
Date: Mon Jun 30 13:55:08 2008
New Revision: 3183
Log:
* src/en/book/ch06-server-configuration.xml
Finish Trac ticket #124: Document the authz-file aliases feature.
Modified:
trunk/src/en/book/ch06-server-configuration.xml
Modified: trunk/src/en/book/ch06-server-configuration.xml
==============================================================================
--- trunk/src/en/book/ch06-server-configuration.xml (original)
+++ trunk/src/en/book/ch06-server-configuration.xml Mon Jun 30 13:55:08 2008
@@ -3127,6 +3127,49 @@
everyone = @calc-developers, @paint-developers
</screen>
+ <para>Subversion 1.5 brings another useful feature to the access
+ file syntax: username aliases. Some authentication systems
+ expect and carry relatively short usernames of the sorts we've
+ been describing here—<literal>harry</literal>,
+ <literal>sally</literal>, <literal>joe</literal>, etc. But
+ other authentication systems—such as those which use LDAP
+ stores or client certificates—may carry much more complex
+ usernames. For example, Harry's username in an LDAP-protected
+ system might be <literal>/O=Red
+ Bean/OU=Engineers/DC=com/DC=red-bean/CN=Harold Hacker</literal>.
+ With usernames like that, the access file can become quite
+ bloated with long or obscure usernames that are easy to mistype.
+ Fortunately, username aliases allow you to only have to type the
+ correct complex username once, in a statement which assigns to
+ it a more easily digestable alias.</para>
+
+ <screen>
+[aliases]
+harry = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Harold Hacker
+sally = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Sally Swatterbug
+joe = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Gerald I. Joseph
+…
+</screen>
+
+ <para>Once you've defined a set of aliases, you can refer to the
+ users elsewhere in the access file via their aliases in all the
+ same places you could have instead used their actual usernames.
+ Simply prepend an ampersand to the alias to distinguish it from
+ a regular username:</para>
+
+ <screen>
+[groups]
+calc-developers = &harry, &sally, &joe
+paint-developers = &frank, &sally, &jane
+everyone = @calc-developers, @paint-developers
+</screen>
+
+ <para>You might also choose to use aliases if your users'
+ usernames change frequently. Doing so allows you to need to
+ update only the aliases table when these username changes occur,
+ instead of doing global-search-and-replace operations on the
+ whole access file.</para>
+
<!-- TODO(sussman): this sidebar needs to be changed for svn 1.5,
making it clear that it's a neon behavior, and ??probably?? not the
case when using serf... -->
More information about the svnbook-dev
mailing list