简体繁体 English

Git连接到Active Directory

[英]Git connected to Active Directory

原文 2014-07-01 17:43:45 1 1 linux/ git/ active-directory/ ldap

Objective: 目的：

Setup Git repository on Oracle Linux 6. Users connecting from Windows, Mac and Linux, using AD credentials. 在Oracle Linux 6上设置Git存储库。使用AD凭据从Windows，Mac和Linux连接的用户。 I would like to limit access base on AD groups. 我想限制AD组的访问基础。 I have been searching for a way to set this up. 我一直在寻找一种方法来设置它。 I have seen several options that allow for fine grained access control of the repository but I haven't found anything that can use AD groups to manage access. 我已经看到了几个允许对存储库进行细粒度访问控制的选项，但是我没有找到任何可以使用AD组来管理访问的选项。

So the question is: Is this even possible? 所以问题是：这甚至可能吗？ Can someone point me in the direction of documentation that would explain the process? 有人能指出我可以解释这个过程的文档方向吗？

1 个解决方案

Update: 更新：

There now appear to be more options: 现在似乎有更多选择：

GitLab supports LDAP authentication GitLab支持LDAP身份验证
Gogs supports LDAP too Gogs也支持LDAP

Update: 更新：

GitBlit , "an open-source, pure Java stack for managing, viewing, and serving Git repositories", supports LDAP authentication out of the box: GitBlit ，“用于管理，查看和服务Git存储库的开源纯Java堆栈”，支持开箱即用的LDAP身份验证：

LDAP can be used to authenticate Users and optionally control Team memberships. LDAP可用于对用户进行身份验证，并可选择控制团队成员身份。 When properly configured, Gitblit will delegate authentication to your LDAP server and will cache some user information in the usual users.conf file. 正确配置后，Gitblit会将身份验证委派给您的LDAP服务器，并将一些用户信息缓存在通常的users.conf文件中。

GitBlit also lists support for Windows authentication , but only when installed on Windows, and only tested against local accounts. GitBlit还列出了对Windows身份验证的支持，但仅限于安装在Windows上，并且仅针对本地帐户进行测试。

Previous answer: 上一个答案：

If you move your Git server to Bonobo Git Server on Windows you can use Windows authentication : 如果您在Windows上将Git服务器移动到Bonobo Git服务器，则可以使用Windows身份验证：

Windows Authentication Windows身份验证

This authentication is very useful when your git server sits inside the company network and your accounts and logging information could be managed via IIS. 当您的git服务器位于公司网络内部并且您的帐户和日志记录信息可以通过IIS进行管理时，此身份验证非常有用。 The advantage of this approach is that your users won't have to create another account for logging to Bonobo Git Server. 这种方法的优点是您的用户不必创建另一个帐户来登录到Bonobo Git Server。 They will use the existing Windows account they use on the network. 他们将使用他们在网络上使用的现有Windows帐户。

Doing this from Linux is possible , but unlikely to be easy. 可以从Linux执行此操作，但这不太容易。 You'll probably have to set PAM up to use either LDAP or Kerberos authentication and then do quite a lot of configuration . 您可能必须将PAM设置为使用LDAP或Kerberos身份验证，然后执行大量配置。 If you've got Windows licences I strongly recommend checking out Bonobo. 如果您拥有Windows许可证，我强烈建议您查看Bonobo。