
How do I restrict Apache/GIT access to specific users (ldap/file-based authentication)?

I'm running an SVN repo server with ldap/file auth. This lets me filter which users can access each of the repositories on the server.

Now I'm planning to migrate to GIT and I've already got GIT running through Apache/LDAP, but I cannot manage to get users filtered as I have on SVN.

Is there a way to achieve this?

Thanks

You can replicate the same authentication mechanism (LDAP auth, declared in your httpd.conf) if you are calling the smart http mechanism behind, as described in "Setting up GIT with Apache Smart HTTP/S and LDAP".

Note that this is different from the authorization part, as explained in Gitolite: authorization vs. authentication, and explained in "Using LDAP as auth method to manage git repositories".

I prefer to use LDAP aliases in order to reference that authentication server multiple times:

<AuthnProviderAlias ldap myldap>
  AuthLDAPBindDN cn=Manager,dc=example,dc=com
  AuthLDAPBindPassword secret
  AuthLDAPURL ldap://localhost:9011/dc=example,dc=com?uid?sub?(objectClass=*)
</AuthnProviderAlias>

Here is an example of a config (with SSL in place) using LDAP:

<VirtualHost itsvcprdgit.world.company:8453>
    ServerName itsvcprdgit.world.company
    ServerAlias itsvcprdgit

    SSLCertificateFile "/home/auser/compileEverything/apache/itsvcprdgit.world.company.crt"
    SSLCertificateKeyFile "/home/auser/compileEverything/apache/itsvcprdgit.world.company.key"
    SSLEngine on
    # Strong ciphers only: Basic auth sends the LDAP password on every request
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!MD5

    SetEnv GIT_PROJECT_ROOT /home/auser/compileEverything/repositories
    SetEnv GIT_HTTP_EXPORT_ALL

    ScriptAlias /mygit/ /path/to/git-http-backend/
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Location /mygit>
        SSLOptions +StdEnvVars
        Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
        #AllowOverride All
        order allow,deny
        Allow from all

        AuthName "LDAP authentication for ITSVC Smart HTTP Git repositories"
        AuthType Basic
        AuthBasicProvider myldap
        AuthzLDAPAuthoritative On

        Require valid-user
        AddHandler cgi-script cgi
    </Location>
    BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
    CustomLog "/home/auser/compileEverything/apache/githttp_ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    ErrorLog "/home/auser/compileEverything/apache/githttp_error_log"
    TransferLog "/home
</VirtualHost>
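
The per-repository filtering the question asks about can be layered on the configuration above with additional `Require` rules. This is an added example, not part of the original answer; the repository names, user names, group names and the group file path are assumptions, and it presumes mod_authz_user and mod_authz_groupfile are loaded.

```apache
# Added example: per-repository authorization on top of the LDAP
# authentication configured in <Location /mygit>.
# Assumed names (not from the original answer): projectA.git, projectB.git,
# the groups, the users and /path/to/git-groups.
#
# /path/to/git-groups (mod_authz_groupfile format, one group per line):
#   projectA-read:  alice bob carol
#   projectA-write: alice
#
# Place these sections inside the VirtualHost, after <Location /mygit>.
# AuthType, AuthName and AuthBasicProvider are inherited from that section;
# the Require lines here replace its "Require valid-user".

# Every clone, fetch and push request for projectA.git starts with this prefix.
<Location /mygit/projectA.git>
    AuthGroupFile /path/to/git-groups
    Require group projectA-read projectA-write
</Location>

# Pushes are POSTed to .../git-receive-pack: restrict them to the write group.
<LocationMatch "^/mygit/projectA\.git/git-receive-pack$">
    AuthGroupFile /path/to/git-groups
    Require group projectA-write
</LocationMatch>

# A repository limited to named LDAP users, without a group file.
<Location /mygit/projectB.git>
    Require user dave erin
</Location>
```

Repositories without a section of their own stay under `Require valid-user`, so with `GIT_HTTP_EXPORT_ALL` set every authenticated LDAP user can still reach them.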
