OpenSUSE中Apache的 - 视窗LDAP - 组用户身份验证 - 水银 [英] OpenSUSE Apache - Windows LDAP - group user authentication - Mercurial

问题描述

• 操作系统：Linux的openSUSE当中


• 版本控制：水银汞


• Web前端：的Apache2.2

我能够单击浏览http：//服务器：端口/ HG

当我点击它很快，它会提示我的Windows AD目录的凭据。

现在，我在/ SRV /网络/ htdocs中/ HG /下面的仓库回购协议文件夹：

• RepoProjectA


• RepoProjectB


• RepoProjectC

点击上面的链接库就OK因为我能看到汞柱前端。

现在，我想补充的认证和授权，因此：

• A）

  
  
  • 只有用户c123456，c654321可以RepoProjectA提交文件。
  
  
  • 只有用户c222222和c333333能推的变化并没有其他人不能推
  
  

  针对上述情况，（???）我需要改变什么变化率（s）哪些文件/进入我要补充
  要做到这一点。

  PS：我使用Windows Active Directory的使用LDAP身份验证。我仍然需要
     使用htpasswd2或htdigest2模块创建任何用户文件--o​​r授予
     访问组创建任何group文件????我以为，各组可以采取
     什么是已经存在于Active Directory中。由于这些不同的项目
     资料库，我是否需要单独的.htaccess文件？将不是一个单一的全局文件做
     诀窍？




• B）

  
  
  • 只有用户u123456和u654321可以RepoProjectB的分支BRANCH1提交的文件。
    （假设我们在RepoProjectB一个分支BRANCH1）。
  
  
  • 只有用户u222222和u333333可以推动文件
  
  
  • 没有人可以提交/主干推什么/默认分支
  
  
  • 例外：从组RepoProjectB-GROUP或ABCDGroup每个人都可以做任何事情
    这个仓库或它的分支机构。
  
  

针对上述情况，（???）我需要哪些文件来改变和改变什么（S）/进入我要补充，以实现这一目标。

• C）我试图用CMD提示和实用TortoiseHg从我的Windows客户机上，而
   在汞（克隆，分支，添加，提交，推等）做任何操作，我提示
   提供用户名和密码每次。它的工作，但我得到提示
   汞的每一个动作。

  我怎么能限制有用户只提供Windows活动目录凭据
   每一次会议。

任何人都可以放一些光芒。

解决方案

这是善变的钥匙圈的事一定进展，接下来我要做的是开始使用更精细的群组，并允许/目录在指令的方式否认。

在更多的相关信息：

<$p$p><$c$c>http://stackoverflow.com/questions/14267873/mercurial-hg-no-changes-found-cant-hg-push-out/14269997#14269997
http://www.linuxquestions.org/questions/showthread.php?p=4867412#post4867412
http://stackoverflow.com/questions/12503421/hg-push-error-and-username-not-specified-in-hg-hgrc-keyring-will-not-be-used/14270602#14270602
http://stackoverflow.com/questions/12468634/opensuse-apache-windows-ldap-group-user-authentication-mercurial/14270648#14270648

如果提示您多次在善变的用户凭据。设置Mercurial_Keyring然后

这个问题来了没人在一个简单的方法来解释。

??? - 如何让

[验证]
的 XX preFIX =服务器/ hg_or_something 的
根据服务器名/ HG位置的所有仓库工作或者如果我使用服务器名称，服务器名称的IP或服务器名称的FQDN？

答：阿伦•2分钟前
         -

  OK，我把这个在〜/ .hgrc（的Linux / Unix入户目录的.hgrc隐藏文件）或Windows用户％USERPROFILE％/ mercurial.ini或％HOME％/善变.ini文件。[验证]
default1.schemes = HTTP HTTPS
缺省1。preFIX = hg_merc_server / HG
default1.username = c123456default2.schemes = HTTP HTTPS
默认2。preFIX = hg_merc_server.company.com/hg
default2.username = c123456default3.schemes = HTTP HTTPS
default3。preFIX = 10.211.222.321/hg
default3.username = c123456现在，我可以检出使用Server / IP /服务器的FQDN。
 

• OS: OpenSUSE Linux
• Version control: Mercurial Hg
• Web Front: Apache2.2

I'm able to click browse http : // servername : port/ hg

As soon as I click on it, it prompts me for Windows AD directory credentials.

Now, I have the following repositories in /srv/www/htdocs/hg/repos folder:

• RepoProjectA
• RepoProjectB
• RepoProjectC

clicking on the above repository links is OK as I'm able to see Hg front end.

Now, I want to add authentication and authorization so that:

• A)

  • Only users "c123456", "c654321" can commit files in RepoProjectA.
  • Only users "c222222" and "c333333" can push the changes and no one else can't push

  For the above, what files (???) I need to change and what change(s)/entry should I add to make this happen.

  PS: I'm using LDAP as authentication using Windows Active Directory. Do I still need to use htpasswd2 or htdigest2 modules to create any user files --or for granting access to a group create any group file???? I thought, the groups can be taken from what's already there in Active directory. As these are different project repositories, do I need individual .htaccess files? Won't a single global file do the trick?

• B)

  • Only users "u123456" and "u654321" can commit files on branch "branch1" of RepoProjectB. (assuming we have a branch "branch1" in RepoProjectB).
  • Only users "u222222" and "u333333" can push the files
  • No one can commit/push anything on TRUNK/default branch
  • Exception: Everyone from group "RepoProjectB-GROUP" or "ABCDGroup" can do anything in this repository or it's branches.

For the above, what files (???) I need to change and what change(s)/entry should I add to make this happen.

• C) I tried using CMD prompt and utility TortoiseHg from my Windows client machine, while doing any operations in Hg (clone, branch, add, commit, push, etc), I'm prompted for providing username and password every time. It's working, but I'm getting prompt for every action in Hg.

  How can I restrict to have user provide Windows Active Directory Credentials only once per session.

Can anybody put some light.

解决方案

Some progress on mercurial keyring thing, next i'll do is to start using more granular groups and allow/deny at Directory directive way.

more related info at:

http://stackoverflow.com/questions/14267873/mercurial-hg-no-changes-found-cant-hg-push-out/14269997#14269997
http://www.linuxquestions.org/questions/showthread.php?p=4867412#post4867412
http://stackoverflow.com/questions/12503421/hg-push-error-and-username-not-specified-in-hg-hgrc-keyring-will-not-be-used/14270602#14270602
http://stackoverflow.com/questions/12468634/opensuse-apache-windows-ldap-group-user-authentication-mercurial/14270648#14270648

if prompted multiple times for user credentials in mercurial. Setup Mercurial_Keyring and then

this question comes which nobody explained in an easy way.

??? -- how to make

[auth]
xx.prefix = servername/hg_or_something

work for all repositories under servername/hg location either if I use servername, servername's IP or servername's FQDN ?

ANSWER: Arun • 2 minutes ago −

OK, I put this in ~/.hgrc (Linux/Unix -home directory's .hgrc hidden file) or Windows users %UserProfile%/mercurial.ini or %HOME%/mercurial.ini file.

[auth]
default1.schemes = http https
default1.prefix = hg_merc_server/hg
default1.username = c123456

default2.schemes = http https
default2.prefix = hg_merc_server.company.com/hg
default2.username = c123456

default3.schemes = http https
default3.prefix = 10.211.222.321/hg
default3.username = c123456

Now, I can checkout using either Server/IP/Server's FQDN.

这篇关于OpenSUSE中Apache的 - 视窗LDAP - 组用户身份验证 - 水银的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！