我正在尝试设置通过LDAP进行身份验证的GIT服务器。我正在使用Apache。尝试推送时GIT客户端失败。
git push
根据服务器日志,问题出在WebDAV PROPFIND命令上,该命令未经GIT认证,最终得到401 http代码:
Apache access.log:
192.168.23.199 - - [13/Jul/2017:13:39:27 +0000] "GET /test.git/info/refs?service=git-receive-pack HTTP/1.1" 401 381
192.168.23.199 - johndoe [13/Jul/2017:13:39:27 +0000] "GET /test.git/info/refs?service=git-receive-pack HTTP/1.1" 200 59
192.168.23.199 - johndoe [13/Jul/2017:13:39:27 +0000] "GET /test.git/HEAD HTTP/1.1" 200 23
192.168.23.199 - - [13/Jul/2017:13:39:27 +0000] "PROPFIND /test.git/ HTTP/1.1" 401 381
我的配置文件包含LimitExcept:
<Location />
Dav on
AuthBasicProvider ldap
AuthLDAPURL "ldap://server:3268 server:3268 server:3268 server:3268/dc=mydc,dc=local?sAMAccountName,distinguishedName,memberOf,displayName"
AuthLDAPBindDN "CN=documentation,OU=Script-Users,OU=Orange,DC=qconsulting,DC=local"
AuthLDAPBindPassword "xxxxx"
AuthType Basic
AuthName "AD Authorization required"
<LimitExcept PROPFIND>
Require valid-user
</LimitExcept>
AllowOverride None
Options FollowSymLinks Indexes
RewriteEngine on
RewriteRule ^pub/git$ /pub/git/cgi-bin/gitweb.cgi
RewriteRule ^pub/git/$ /pub/git/cgi-bin/gitweb.cgi
RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /cgi-bin/gitweb.cgi%{REQUEST_URI} [L,PT]
</Location>
奇怪的是,我试图通过卷曲和尸体做PROPFIND请求。并且卷曲失败(401)并且它与尸体(207)成功
curl --request PROPFIND http://server/test.git/
Apache日志:
192.168.23.199 - - [13/Jul/2017:11:11:46 +0000] "PROPFIND /test.git/ HTTP/1.1" 207 436
propnames /
192.168.23.199 - - [13/Jul/2017:11:11:59 +0000] "PROPFIND /test.git/ HTTP/1.1" 401 381