Git with Ldap on Ubuntu with Apache

Question

I'm new to Git and trying to get an installation of Git, Gitolite, and Gitweb working with LDAP. So far, we have Gitweb working with LDAP. I've reviewed many posts and guides posted around the web, but have not found a solution yet. This is on an Ubuntu 12.04.2 server with Apache 2.2.22. I'm not an expert in any of these technologies, so if I'm missing something obvious please let me know. :)

My site file contains:

<VirtualHost *:80>
    ServerAdmin admin
    ServerName myserver

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    DocumentRoot /home/git/myserver/http/

    <Directory /home/git/myserver/http/>
    </Directory>

    ErrorLog /home/git/myserver/logs/error.log
    CustomLog /home/git/myserver/logs/access.log combined

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel debug

    AssignUserID git git


</VirtualHost>

<VirtualHost myserver:443>
    ServerAdmin me
    ServerName myserver

    DocumentRoot /usr/share/gitweb/
    <Directory /usr/share/gitweb/>
            AuthBasicProvider ldap
            AuthType Basic
            AuthName "Git Server"
            AuthLDAPURL "ldaps://myldap:636/DC=XX,DC=com?sAMAccountName?sub?(objectClass=user)" NONE
            AuthLDAPBindDN "CN=User,OU=Service Accounts,DC=XX,DC=com"
            AuthLDAPBindPassword "password"
            ### If you need them to be just a member of the domain, use this:
            #require ldap-attribute objectClass=user

            ### Group based authentication. Users should be part of the group exactly, and not nested inside other groups
            require ldap-group CN=XX,OU=Groups,DC=nov,DC=com
            require ldap-group CN=YY,OU=Security Mail Enabled,OU=Groups,DC=XX,DC=com
    </Directory>

    ErrorLog /home/git/myserver/logs/error.log
    CustomLog /home/git/myserver/logs/access.log combined

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel debug

    AssignUserID git git

    SSLEngine On
    SSLCertificateFile /etc/ssl/apache/myserver.cer
    SSLCertificateKeyFile /etc/ssl/apache/myserver.key


</VirtualHost>

My gitweb.conf file:

# path to git projects (<project>.git)
$projectroot = "/var/lib/gitolite/repositories";

# directory to use for temp files
$git_temp = "/tmp";

$site_name = "Git";

# target of the home link on top of all pages
#$home_link = $my_uri || "/";

# html text to include at home page
#$home_text = "indextext.html";

# file with project list; by default, simply scan the projectroot dir.
$projects_list = "/var/lib/gitolite/projects.list";

@git_base_url_list = qw(ssh://gitolite@myip);

# stylesheet to use
#@stylesheets = ("static/gitweb.css");

# javascript code for gitweb
#$javascript = "static/gitweb.js";

# logo to use
#$logo = "static/git-logo.png";

# the 'favicon'
#$favicon = "static/git-favicon.png";

# git-diff-tree(1) options to use for generated patches
#@diff_opts = ("-M");
@diff_opts = ();

$feature{'highlight'}{'default'} = [1];

And my conf.d/gitweb file:

Alias /gitweb /usr/share/gitweb

<Directory /usr/share/gitweb>
  Options FollowSymLinks +ExecCGI
  AddHandler cgi-script .cgi
</Directory>

Any thoughts or suggestions are much appreciated.

Thanks!

Recommended answer

Git with LDAP (git itself, not gitweb) is precisely what I do in my project:
See my httpd.conf (https://github.com/VonC/compileEverything/blob/add0ff523fac62a46500d915ebf4d786bb3a994d/apache/env.conf.tpl#L95-L132)

I define first a couple of LDAP aliases (you can authenticate against several LDAP if you want):

<AuthnProviderAlias ldap myldap>
  AuthLDAPBindDN cn=Manager,dc=example,dc=com
  AuthLDAPBindPassword secret
  AuthLDAPURL ldap://localhost:@PORT_LDAP_TEST@/dc=example,dc=com?uid?sub?(objectClass=*)
</AuthnProviderAlias>

# LDAP_START
<AuthnProviderAlias ldap companyldap>
  AuthLDAPBindDN "@LDAP_BINDDN@"
  AuthLDAPBindPassword @LDAP_PASSWORD@
  AuthLDAPURL @LDAP_URL@
</AuthnProviderAlias>
# LDAP_END

(All the @xxx@ you see are template placeholders that I replace with actual values later)

Then I define my VirtualHost (on a different port than the one used for gitweb):

(Excerpt):

# GitHttp on @PORT_HTTP_HGIT@
Listen @PORT_HTTP_HGIT@
<VirtualHost @FQN@:@PORT_HTTP_HGIT@>
    ServerName @FQN@
    ServerAlias @HOSTNAME@

    SSLCertificateFile "@H@/apache/crt"
    SSLCertificateKeyFile "@H@/apache/key"
    SSLEngine on

    SetEnv GIT_PROJECT_ROOT @H@/repositories
    SetEnv GIT_HTTP_EXPORT_ALL
    SetEnv GITOLITE_HTTP_HOME @H@
    ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
    SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Location /hgit>
        SSLOptions +StdEnvVars
        Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
        #AllowOverride All
        order allow,deny
        Allow from all
        AuthName "LDAP authentication for Smart HTTP Git repositories"
        AuthType Basic
        AuthBasicProvider myldap companyldap
        AuthzLDAPAuthoritative Off
        Require valid-user
        AddHandler cgi-script cgi
    </Location>

</VirtualHost>

Here this is calling gitolite, but if you call git-http-backend directly (which is a script from git itself, nothing to do with gitolite), you would give unrestricted access to your git repo, through http(s) with LDAP authentication:

ScriptAlias /hgit/ @H@/usr/local/apps/git/libexec/git-core/git-http-backend
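
The answer's closing point, as an added example (not code from the answer or its project): a small Python check that flags a config where ScriptAlias points straight at git-http-backend behind only Require valid-user, and also flags Basic auth without TLS and a cleartext ldap:// URL to a remote host. The sample config, host names, the /opt/git path and the finding ids are constructed for illustration.

```python
import re
# Constructed sample modelled on the answer's excerpt (/opt/git stands in for @H@).
VHOST_GITOLITE = """\
<VirtualHost git.example.com:8443>
    SSLEngine on
    ScriptAlias /hgit/ /opt/git/sbin/gitolite-shell/
    <Location /hgit>
        AuthType Basic
        AuthLDAPURL "ldaps://ldap.example.com:636/dc=example,dc=com?uid?sub?(objectClass=*)"
        Require valid-user
    </Location>
</VirtualHost>
"""
# Same vhost with the direct git-http-backend ScriptAlias and a cleartext LDAP URL.
VHOST_DIRECT = (VHOST_GITOLITE
    .replace("/opt/git/sbin/gitolite-shell/", "/opt/git/libexec/git-core/git-http-backend/")
    .replace("ldaps://ldap.example.com:636", "ldap://ldap.example.com:389"))

def directives(conf):
    """Return (name, [args]) for each directive line; comments and section tags are skipped."""
    out = []
    for line in (raw.strip() for raw in conf.splitlines()):
        if line and line[0] not in "#<":
            parts = re.findall(r'"[^"]*"|\S+', line)
            out.append((parts[0].lower(), [p.strip('"') for p in parts[1:]]))
    return out

def audit(conf):
    """Return sorted finding ids for one config text (whole-file view, no section scoping)."""
    d = directives(conf)
    def has(name, pred):
        return any(n == name and a and pred(a) for n, a in d)
    def cleartext(a):  # ldap:// with no TLS/STARTTLS mode argument, to a non-local host
        url, mode = a[0].lower(), (a[1].upper() if len(a) > 1 else "")
        local = re.match(r"ldap://(localhost|127\.0\.0\.1)[:/]", url)
        return url.startswith("ldap://") and mode not in ("TLS", "STARTTLS") and not local
    requires = [" ".join(a).lower() for n, a in d if n == "require"]
    findings = set()
    # git-http-backend applies no per-repository ACL; gitolite-shell does.
    if has("scriptalias", lambda a: "git-http-backend" in a[-1]) \
            and requires and all(r == "valid-user" for r in requires):
        findings.add("direct-backend-any-valid-user")
    # Basic auth carries the LDAP password, only base64-encoded, on every request.
    if has("authtype", lambda a: a[0].lower() == "basic") \
            and not has("sslengine", lambda a: a[0].lower() == "on"):
        findings.add("basic-auth-without-tls")
    if has("authldapurl", cleartext):
        findings.add("cleartext-ldap-to-remote-host")
    return sorted(findings)
```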
