如何在gitolite中使用智能http访问获取存储库的细粒度ACL?
[英]How to get a fine grained ACL for repositories with smart http access in gitolite?
问题描述
How can we achieve fine grained ACL with smart http in gitolite? 
我们怎样才能在gitolite中使用智能http实现细粒度ACL?
What this exactly means is: If I restrict certain repos for some users in gitolite using ssh and if I try to clone the restricted repo, gitolite tells: 这究竟意味着:如果我使用ssh限制某些用户使用gitolite的某些用户,如果我尝试克隆受限制的回购,gitolite会告诉:
Fatal R any (some_username) is denied.
Please make sure the repository exists".
How to achieve the above mentioned ACL by using smart http? 如何使用智能http实现上述ACL?
If possible please specify the setup(apache2) for achieving the same. 如果可能,请指定设置(apache2)以实现相同的目的。
1 个解决方案
解决方案1
0 2017-04-20 18:58:16
gitolite is compatible with smart http, as I mentioned in 2012 or in here . 正如我在2012年或此处提到的那样 , gitolite与智能http兼容。
All you need to do is set those 4 lines : 您需要做的就是设置这4行 :
SetEnv GIT_PROJECT_ROOT @H@/repositories
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GITOLITE_HTTP_HOME @H@
ScriptAlias /hgit/ /path/to/gitolite/sbin/gitolite-shell/
SetEnv GIT_HTTP_BACKEND "/path/to/git/libexec/git-core/git-http-backend"
That way, any url with a path starting with /hgit will query gitolite first (through its src/gitolite-shell perl script) 这样,任何以/hgit开头的路径的url都会首先查询gitolite(通过它的src/gitolite-shell perl脚本)
git clone http://myserver/hgit/myrepo.git
You need to couple that with a way to authenticate yourself through one of the authentication basic provider (file, ldap, dbm, ...) 您需要通过一种身份验证基本提供程序 (文件,ldap,dbm,...) 来验证自己 。
In my httpd.conf, I use LDAP . 在我的httpd.conf中,我使用LDAP 。
AuthName "LDAP authentication for ITSVC Smart HTTP Git repositories"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPBindDN "@LDAP_BINDDN@"
AuthLDAPBindPassword @LDAP_PASSWORD@
AuthLDAPURL @LDAP_URL@
AuthLDAPGroupAttribute member
You would replace the placeholder string @xxx@ by their actual values . 您可以用它们的实际值替换占位符字符串@xxx@ 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.