以http ACCES gitolite通过LDAP未通过的用户名 [英] gitolite with http acces via LDAP does not pass the username
问题描述
我试图安装了Git服务器:
I'm trying to setup a git server with:
-
HTTP的访问能够克隆库是这样的:
http-access to be able to clone repositories like this:
git的克隆的http:// mygitserver /库
有一个web界面(叫做gitweb),如果可能的话,每个用户限制
have a web interface (gitweb), if possible with restrictions per user
基于LDAP帐户控制访问
control access based on LDAP accounts
到目前为止,我的GitWeb启动和运行;当我访问
So far I have gitweb up and running; when I access
http://gitserver/
它要求LDAP登录,当我提供这一点;它显示了所有的仓库(甚至gitolite管理员库...不是那么好)
it asks ldap login and when I provide this; it shows all repositories (even gitolite-admin repository... not so good)
当我尝试克隆,我得到的错误:
When I try to clone, I get the error:
fatal: http://gitserver/<reponame>.git/info/refs not valid: is this a git repository?
我挖到它,我发现该gitolite-suexec-wrapper.sh没有收到LDAP用户名;如此以来,用户名为空,gitolite不能授予访问权限...任何想法?
I dug into it and I found out that the gitolite-suexec-wrapper.sh does not receive the LDAP username; so gitolite cannot grant access since the username is empty... any ideas?
这是我的配置:
我的Apache配置文件看起来像这里的一种:
http://gitolite.com/gitolite/g2/ggshb.html 。最有趣的部分是这样的:
my apache configuration file looks like the one here: http://gitolite.com/gitolite/g2/ggshb.html. The most interesting part is this:
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/srv/www/bin/gitolite-suexec-wrapper.sh/$1
一个或另一个原因参数$ 1未通过或为空....在Apache日志,我得到这些行:
for one or another reason the parameter $1 is not passed or is empty.... in the apache log I get these lines:
10.1.86.100 - - [22/Jan/2014:18:09:52 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 401 - "-" "git/1.8.4"
601 10.1.86.100 - - [22/Jan/2014:18:09:57 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 401 - "-" "git/1.8.4"
602 10.1.86.100 - chris.maes [22/Jan/2014:18:09:57 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 200 120 "-" "git/1.8.4"
哦,是的;我的环境:
openSUSE的13.1
gitolite 2.3.1
1.8.4的git
oh yes; my environment: Opensuse 13.1 gitolite 2.3.1 git 1.8.4
推荐答案
这两种解决方案是:
1 /阿帕奇+ LDAP,称 gitolite壳
(gitolie V3)
1/ Apache + ldap, calling gitolite-shell
(gitolie V3)
ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Location /hgit>
SSLOptions +StdEnvVars
Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
#AllowOverride All
order allow,deny
Allow from all
AuthName "LDAP authentication for ITSVC Smart HTTP Git repositories"
AuthType Basic
AuthBasicProvider myldap companyldap
2 /或GitLab,其中有LDAP认证:设立gitlab LDAP认证,无需特别gitlab用户< BR>
请参阅<一个href=\"https://github.com/gitlabhq/gitlabhq/blob/68590fddd860c5d840d8f04314ed11f0d02ddd44/config/gitlab.yml.example#L118-L139\"相对=nofollow>配置 gitlab.yml
LDAP部分。
2/ Or GitLab, which had LDAP authentication: "setting up gitlab LDAP-authentication without special gitlab user"
See the config gitlab.yml
ldap section.
这篇关于以http ACCES gitolite通过LDAP未通过的用户名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!