FreeIPA, Kerberos, LDAP, Subversion Stack Part 4: Tighten Apache

You should have a Subversion repo to which you can successfully login and browse anywhere using a recent vintage of the popular TortoiseSVN on Windows.

The last step is to tighten Apache access a bit.  This is where LDAP really shines.

 <RequireAll>
 Require valid-user
 Require ldap-attribute memberOf=cn=subversion_users,cn=groups,cn=accounts,dc=mydomain,dc=la
 <RequireAny>
 Require ip 66.77.88.99/32
 Require ip 192.168.111.0/24
 </RequireAny>
</RequireAll>

The LDAP stuff might be new for some, so that should get you started.

The Subversion documentation warns about using path-based authorization, but then provides instructions how to do it.  Ideally, Apache’s LDAP auth should be enough.

http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html