In order to allow public reading/checkout, you need to uncomment the bit between the <LimitExcept>
directive and comment the separate Require valid-user
line above it.
The directive <LimitExcept GET PROPFIND OPTIONS REPORT>
tells the server that everything inside that does not apply to any GET
, PROPFIND
, OPTIONS
or REPORT
request to the repository, which are used for checking out/reading the repo. In other words, if you would put this bit of code in your Apache configuration, it would only require a valid user for anything else than the mentioned methods (e.g. it would require a valid user if a PUT
request is made to commit):
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
In your case, it should probably look something like this (I just slightly modified your posted config, assuming that is correct besides the forced login issue (I have no LDAP server to test it with). Note to replace example.com
in your AuthLDAPURL
to the real server host):
<Location /repos>
DAV svn
# Directory containing all repository for this path
SVNParentPath /srv/svn/repositories
# List repositories colleciton
SVNListParentPath On
# Enable WebDAV automatic versioning
SVNAutoversioning On
# Repository Display Name
SVNReposName "RepositoryName"
# Do basic password authentication in the clear
AuthType Basic
# The name of the protected area or "realm"
AuthName "RepositoryName"
# Make LDAP the authentication mechanism
AuthBasicProvider ldap
# Make LDAP authentication is final
AuthzLDAPAuthoritative off
# Active Directory requires an authenticating DN to access records
#AuthLDAPBindDN "ou=people,o=example,dc=com"
# The LDAP query URL
AuthLDAPURL "ldap://example.com:389/DC=com,DC=example,ou=people?uid(objectClass=*)" NONE
# Authorization file
AuthzSVNAccessFile /subversion/apache2/auth/repos.acl
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
SSLRequireSSL
Require valid-user
</LimitExcept>
</Location>
As long as you put the Require valid-user
inside the LimitExcept
, everything should work just as you want it to. You can put the rest of the authentication configuration anywhere between the Location
directive.