我正在使用ldap / file auth运行SVN repo服务器。这让我可以过滤哪些用户将访问服务器中的每个存储库。
现在我打算迁移到GIT,我已经让GIT在Apache / LDAP上运行了,但是我无法像SVN那样设法过滤用户。
有没有办法实现这个目标?
由于
答案 0 :(得分:1)
如果您正在调用后面的smart http mechanism,您可以复制相同的身份验证机制(在httpd.conf中声明的LDAP身份验证),如“Setting up GIT with Apache Smart HTTP/S and LDAP”中所述。
请注意,这与授权部分不同,如Gitolite: authorization vs. authentication中所述,并在“Using LDAP as auth method to manage git repositories”中进行了解释。
我更喜欢使用 LDAP别名来多次引用该身份验证服务器:
<AuthnProviderAlias ldap myldap>
AuthLDAPBindDN cn=Manager,dc=example,dc=com
AuthLDAPBindPassword secret
AuthLDAPURL ldap://localhost:9011/dc=example,dc=com?uid?sub?(objectClass=*)
</AuthnProviderAlias>
以下是使用LDAP的配置(使用SSL)的示例:
<VirtualHost itsvcprdgit.world.company:8453>
ServerName itsvcprdgit.world.company
ServerAlias itsvcprdgit
SSLCertificateFile "/home/auser/compileEverything/apache/itsvcprdgit.world.company.crt"
SSLCertificateKeyFile "/home/auser/compileEverything/apache/itsvcprdgit.world.company.key"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SetEnv GIT_PROJECT_ROOT /home/auser/compileEverything/repositories
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /mygit/ /path/to/git-http-backend/
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Location /mygit>
SSLOptions +StdEnvVars
Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
#AllowOverride All
order allow,deny
Allow from all
AuthName "LDAP authentication for ITSVC Smart HTTP Git repositories"
AuthType Basic
AuthBasicProvider myldap
AuthzLDAPAuthoritative On
Require valid-user
AddHandler cgi-script cgi
</Location>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/home/auser/compileEverything/apache/githttp_ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ErrorLog "/home/auser/compileEverything/apache/githttp_error_log"
TransferLog "/home
</VirtualHost>