Redmine

Redmine doesn't use the credentials of the logged in user, especially because redmine only knows about the hash of the password, not the password itself. See Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl to see how to configure apache to allow read access to the svn repositories without authentication from the server on which redmine is installed. You might also prefer to use the file:// schema instead of http:// access if both are on the same server.

Thanks for your prompt reply.

I figured out why

subversion_adapter.rb

I read this HowTo several times (and I used it for my set up), but I think it only allows anonymous browsing of public repositories, not private ones. And having a look at Redmine.pm, it seems it manages only public projects (though I'm easily lost in Perl code...).

Maybe there is an obvious error in my config, so here it is:

Apache

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile ...
        SSLCertificateKeyFile ...
        SSLCACertificateFile ...
        DefaultInitEnv X_DEBIAN_SITEID "default" 

        ServerName my_server:443

        DocumentRoot /usr/share/redmine/public/
        LogLevel debug
        ErrorLog /var/log/redmine/default/error.log

        <Directory /usr/share/redmine/public/>
                Options Indexes ExecCGI FollowSymlinks
                Order allow,deny
                Allow from all
                AllowOverride all
        </Directory>

PerlLoadModule Apache::Redmine
PerlLoadModule Authen::Simple::LDAP
<Location /svn>
        DAV svn
        SVNParentPath "/path/to/svn" 
        Satisfy any

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAccessHandler Apache::Authn::Redmine::authen_handler
        AuthType Basic
        AuthName "SVN Repository" 
        AuthBasicAuthoritative off

        <Limit GET PROPFIND OPTIONS REPORT>
                Require valid-user
                Allow from all
                Satisfy any
        </Limit>
        <LimitExcept GET PROPFIND OPTIONS REPORT>
                Require valid-user
        </LimitExcept>

        RedmineDSN "DBI:mysql:database=redmine_db;host=localhost" 
        RedmineDbUser "redmine_db" 
        RedmineDbPass "redmine_pw" 
</Location>
</VirtualHost>

I also modified

subversion_adapter.rb

--trust-server-cert

Using google, I could find one patch which seems to do something similar, but I didn't tried it, and since it disappeared from the Redmine tracker, I think it's a bad idea to use it... http://www.redmine.org/attachments/2179/no-need-for-svn-private.diff

Once again, thanks for your help.

1. you can kill the --trust-server-cert by logging in as the server running redmine and connecting to the repository with svn and accepting the certificate permanently,
2. try Allow from so.me.i.p instead of all, as that is the part that should enable redmine to connect read-only to the svn repos (and I'm not sure apache reads the allow from all part for satisfy any), redmine.pm shouldn't even get asked for anything in this scenario.

Yes, actually I was running with an accepted certificate (www-data user under Debian) before I upgraded subversion. --trust-server-cert wasn't available with svn < 1.6, but now I'm using this option since I thought it was more "clean". Nevertheless, I could get back to my ex-config, but I had the same problem about repositories.

Thank you for the tip, I didn't know there could be troubles between "satisfy any" and "Allow from all". But here again, "Allow from all" is the result of multiple testings. I'm back to my "allow from 11.22.33.44". I even tried "allow from 11.22.33.44 127.0.0.1".

By the way, do you think this feature (browsing private repos without providing extra login/password) is available?

I tried many "tips", such like:

# svn list https://mysvnserver.fr/svn/test3 --non-interactive --trust-server-cert --no-auth-cache --xml

<?xml version="1.0"?>
<lists>
<list
   path="https://mysvnserver.fr/svn/test3">
svn: OPTIONS de 'https://mysvnserver.fr/svn/test3': Échec à l'autorisation : Could not authenticate to server: rejected Basic challenge (https://mysvnserver.fr)

I tried it with and without the SSL config.

If I try to remove some limitations like:

        <Limit GET PROPFIND OPTIONS REPORT>
                Require valid-user
                Allow from all
                Satisfy any
        </Limit>

        <Limit GET PROPFIND OPTIONS REPORT>
                Allow from all
        </Limit>

I have an unexpected error delivered by Redmine.pm complaining

[error] access to /svn/test3 failed for 11.22.33.44, reason: No authentication has been configured

Otherwise (with normal conf) I get this:

svn: OPTIONS of 'https://mysvnserver.fr/svn/test3': authorization failed: Could not
 authenticate to server: rejected Basic challenge

If this feature is not available, I think it would be interesting if Redmine (or SVN?) always accept to read repositories, then display it or not depending on the logged user.

The problem by now is that I don't know if my config is wrong or if this feature isn't implemented...

I'd suggest you submit a bug as redmine.pm is shipped with redmine.

OK, thank you very much for your time and your help, Felix.
I've just reported a bug (or feature request) here: http://www.redmine.org/issues/5236

Thanks again!

Just to let you know that I've submitted a small patch for this here: http://www.redmine.org/issues/5236
Please let me know if you have any suggestion.