通过 LDAP 带有 http 访问权限的 gitolite 不传递用户名 [英] gitolite with http acces via LDAP does not pass the username

问题描述

我正在尝试设置一个 git 服务器:

I'm trying to setup a git server with:

• http-access 能够像这样克隆存储库:

• http-access to be able to clone repositories like this:

git clone http://mygitserver/repository

有一个网络界面 (gitweb)，如果可能的话，每个用户都有限制

have a web interface (gitweb), if possible with restrictions per user

基于 LDAP 帐户控制访问

control access based on LDAP accounts

到目前为止，我已经启动并运行了 gitweb；当我访问

So far I have gitweb up and running; when I access

http://gitserver/

它要求 ldap 登录以及我何时提供此信息；它显示所有存储库(甚至是 gitolite-admin 存储库...不太好)

it asks ldap login and when I provide this; it shows all repositories (even gitolite-admin repository... not so good)

当我尝试克隆时，出现错误:

When I try to clone, I get the error:

fatal: http://gitserver/<reponame>.git/info/refs not valid: is this a git repository?

我深入研究，发现 gitolite-suexec-wrapper.sh 没有收到 LDAP 用户名；所以 gitolite 无法授予访问权限，因为用户名是空的...有什么想法吗?

I dug into it and I found out that the gitolite-suexec-wrapper.sh does not receive the LDAP username; so gitolite cannot grant access since the username is empty... any ideas?

这是我的配置:

我的 apache 配置文件如下所示:http://gitolite.com/gitolite/g2/ggshb.html.最有趣的部分是:

my apache configuration file looks like the one here: http://gitolite.com/gitolite/g2/ggshb.html. The most interesting part is this:

ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
                        info/refs | \
                        objects/(info/[^/]+ | \
                                 [0-9a-f]{2}/[0-9a-f]{38} | \
                                 pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                        git-(upload|receive)-pack))$" \
        /srv/www/bin/gitolite-suexec-wrapper.sh/$1

由于某种原因，参数 $1 未通过或为空....在 apache 日志中我得到以下几行:

for one or another reason the parameter $1 is not passed or is empty.... in the apache log I get these lines:

10.1.86.100 - - [22/Jan/2014:18:09:52 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 401 - "-" "git/1.8.4"
601 10.1.86.100 - - [22/Jan/2014:18:09:57 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 401 - "-" "git/1.8.4"
602 10.1.86.100 - chris.maes [22/Jan/2014:18:09:57 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 200 120 "-" "git/1.8.4"

哦，是的；我的环境:开放使用 13.1硅藻土 2.3.1git 1.8.4

oh yes; my environment: Opensuse 13.1 gitolite 2.3.1 git 1.8.4

推荐答案

两种解决方案是:

1/Apache + ldap，调用gitolite-shell (gitolie V3)

1/ Apache + ldap, calling gitolite-shell (gitolie V3)

 ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
    SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Location /hgit>
        SSLOptions +StdEnvVars
        Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
        #AllowOverride All
        order allow,deny
        Allow from all
        AuthName "LDAP authentication for ITSVC Smart HTTP Git repositories"
        AuthType Basic
        AuthBasicProvider myldap companyldap

2/或者 GitLab，有 LDAP 认证:设置 gitlab LDAP 认证，无需特殊 gitlab 用户"
请参阅 config 代码/code> ldap 部分.

2/ Or GitLab, which had LDAP authentication: "setting up gitlab LDAP-authentication without special gitlab user"
See the config gitlab.yml ldap section.

这篇关于通过 LDAP 带有 http 访问权限的 gitolite 不传递用户名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！