问题
I'm new to Git and trying to get an installation of Git, Gitolite, and Gitweb working with LDAP. So far, we have Gitweb working with LDAP. I've reviewed many posts and guides posted around the web, but have not found a solution yet. This is on an Ubuntu 12.04.2 server with Apache 2.2.22. I'm not an expert in any of these technologies, so if I'm missing something obvious please let me know. :)
My site file contains:
<VirtualHost *:80>
ServerAdmin admin
ServerName myserver
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
DocumentRoot /home/git/myserver/http/
<Directory /home/git/myserver/http/>
</Directory>
ErrorLog /home/git/myserver/logs/error.log
CustomLog /home/git/myserver/logs/access.log combined
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
AssignUserID git git
</VirtualHost>
<VirtualHost myserver:443>
ServerAdmin me
ServerName myserver
DocumentRoot /usr/share/gitweb/
<Directory /usr/share/gitweb/>
AuthBasicProvider ldap
AuthType Basic
AuthName "Git Server"
AuthLDAPURL "ldaps://myldap:636/DC=XX,DC=com?sAMAccountName?sub?(objectClass=user)" NONE
AuthLDAPBindDN "CN=User,OU=Service Accounts,DC=XX,DC=com"
AuthLDAPBindPassword "password"
### If you need them to be just a member of the domain, use this:
#require ldap-attribute objectClass=user
### Group based authentication. Users should be part of the group exactly, and not nested inside other groups
require ldap-group CN=XX,OU=Groups,DC=nov,DC=com
require ldap-group CN=YY,OU=Security Mail Enabled,OU=Groups,DC=XX,DC=com
</Directory>
ErrorLog /home/git/myserver/logs/error.log
CustomLog /home/git/myserver/logs/access.log combined
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
AssignUserID git git
SSLEngine On
SSLCertificateFile /etc/ssl/apache/myserver.cer
SSLCertificateKeyFile /etc/ssl/apache/myserver.key
</VirtualHost>
My gitweb.conf file:
# path to git projects (<project>.git)
$projectroot = "/var/lib/gitolite/repositories";
# directory to use for temp files
$git_temp = "/tmp";
$site_name = "Git";
# target of the home link on top of all pages
#$home_link = $my_uri || "/";
# html text to include at home page
#$home_text = "indextext.html";
# file with project list; by default, simply scan the projectroot dir.
$projects_list = "/var/lib/gitolite/projects.list";
@git_base_url_list = qw(ssh://gitolite@myip);
# stylesheet to use
#@stylesheets = ("static/gitweb.css");
# javascript code for gitweb
#$javascript = "static/gitweb.js";
# logo to use
#$logo = "static/git-logo.png";
# the 'favicon'
#$favicon = "static/git-favicon.png";
# git-diff-tree(1) options to use for generated patches
#@diff_opts = ("-M");
@diff_opts = ();
$feature{'highlight'}{'default'} = [1];
And my conf.d/gitweb file:
Alias /gitweb /usr/share/gitweb
<Directory /usr/share/gitweb>
Options FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>
Any thoughts or suggestions are much appreciated.
Thanks!
回答1:
Git with LDAP (git itself, not gitweb) is precisely what I do in my project:
See my httpd.conf
I define first a couple of LDAP aliases (you can authenticate against several LDAP if you want):
<AuthnProviderAlias ldap myldap>
AuthLDAPBindDN cn=Manager,dc=example,dc=com
AuthLDAPBindPassword secret
AuthLDAPURL ldap://localhost:@PORT_LDAP_TEST@/dc=example,dc=com?uid?sub?(objectClass=*)
</AuthnProviderAlias>
# LDAP_START
<AuthnProviderAlias ldap companyldap>
AuthLDAPBindDN "@LDAP_BINDDN@"
AuthLDAPBindPassword @LDAP_PASSWORD@
AuthLDAPURL @LDAP_URL@
</AuthnProviderAlias>
# LDAP_END
(All the @xxx@ you see are template placeholders that I replace with actual values later)
Then I define my VirtualHost (on a different port than the one used for gitweb):
(extract):
# GitHttp on @PORT_HTTP_HGIT@
Listen @PORT_HTTP_HGIT@
<VirtualHost @FQN@:@PORT_HTTP_HGIT@>
ServerName @FQN@
ServerAlias @HOSTNAME@
SSLCertificateFile "@H@/apache/crt"
SSLCertificateKeyFile "@H@/apache/key"
SSLEngine on
SetEnv GIT_PROJECT_ROOT @H@/repositories
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GITOLITE_HTTP_HOME @H@
ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Location /hgit>
SSLOptions +StdEnvVars
Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
#AllowOverride All
order allow,deny
Allow from all
AuthName "LDAP authentication for Smart HTTP Git repositories"
AuthType Basic
AuthBasicProvider myldap companyldap
AuthzLDAPAuthoritative Off
Require valid-user
AddHandler cgi-script cgi
</Location>
</VirtualHost>
Here this is calling gitolite, but if you call directly git-http-backend (which is a script from git itself, nothing to do with gitolite), you would give unrestricted access to your git repo, through http(s) with LDAP authentication
ScriptAlias /hgit/ @H@/usr/local/apps/git/libexec/git-core/git-http-backend
回答2:
Hope you got your problem fixed. I have been messing around a few days with Git / Gitweb / gitolite myself before I gave up and just installed GitLab using a Bitnami installer
Worked like a charm (some minor hickups but it was a real eye-opener for me: don't try to configure everything yourself if you can find a good "out-of-the-box" solution.
来源:https://stackoverflow.com/questions/17981785/git-with-ldap-on-ubuntu-with-apache