2

I'm new to Git and trying to get an installation of Git, Gitolite, and Gitweb working with LDAP. So far, we have Gitweb working with LDAP. I've reviewed many posts and guides posted around the web, but have not found a solution yet. This is on an Ubuntu 12.04.2 server with Apache 2.2.22. I'm not an expert in any of these technologies, so if I'm missing something obvious please let me know. :)

My site file contains:

<VirtualHost *:80>
    ServerAdmin admin
    ServerName myserver

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    DocumentRoot /home/git/myserver/http/

    <Directory /home/git/myserver/http/>
    </Directory>

   ErrorLog /home/git/myserver/logs/error.log
   CustomLog /home/git/myserver/logs/access.log combined

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel debug

    AssignUserID git git


</VirtualHost>

<VirtualHost myserver:443>
        ServerAdmin me
    ServerName myserver

    DocumentRoot /usr/share/gitweb/
    <Directory /usr/share/gitweb/>
            AuthBasicProvider ldap
            AuthType Basic
            AuthName "Git Server"
            AuthLDAPURL "ldaps://myldap:636/DC=XX,DC=com?sAMAccountName?sub?(objectClass=user)" NONE
            AuthLDAPBindDN "CN=User,OU=Service Accounts,DC=XX,DC=com"
            AuthLDAPBindPassword "password"
            ### If you need them to be just a member of the domain, use this:
            #require ldap-attribute objectClass=user

            ### Group based authentication. Users should be part of the group exactly, and not nested inside other groups
            require ldap-group CN=XX,OU=Groups,DC=nov,DC=com
            require ldap-group CN=YY,OU=Security Mail Enabled,OU=Groups,DC=XX,DC=com
    </Directory>

   ErrorLog /home/git/myserver/logs/error.log
   CustomLog /home/git/myserver/logs/access.log combined

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel debug

    AssignUserID git git

    SSLEngine On
    SSLCertificateFile /etc/ssl/apache/myserver.cer
    SSLCertificateKeyFile /etc/ssl/apache/myserver.key


</VirtualHost>

My gitweb.conf file:

# path to git projects (<project>.git)
$projectroot = "/var/lib/gitolite/repositories";

# directory to use for temp files
$git_temp = "/tmp";

$site_name = "Git";

# target of the home link on top of all pages
#$home_link = $my_uri || "/";

# html text to include at home page
#$home_text = "indextext.html";

# file with project list; by default, simply scan the projectroot dir.
$projects_list = "/var/lib/gitolite/projects.list";

@git_base_url_list = qw(ssh://gitolite@myip);

# stylesheet to use
#@stylesheets = ("static/gitweb.css");

# javascript code for gitweb
#$javascript = "static/gitweb.js";

# logo to use
#$logo = "static/git-logo.png";

# the 'favicon'
#$favicon = "static/git-favicon.png";

# git-diff-tree(1) options to use for generated patches
#@diff_opts = ("-M");
@diff_opts = ();

$feature{'highlight'}{'default'} = [1];

And my conf.d/gitweb file:

Alias /gitweb /usr/share/gitweb

<Directory /usr/share/gitweb>
  Options FollowSymLinks +ExecCGI
  AddHandler cgi-script .cgi
</Directory>

Any thoughts or suggestions are much appreciated.

Thanks!

4

2 回答 2

4

带有 LDAP 的 Git(git 本身,而不是 gitweb)正是我在项目中所做的:
参见我的httpd.conf

我首先定义了几个 LDAP 别名(如果需要,您可以针对多个LDAP 进行身份验证):

<AuthnProviderAlias ldap myldap>
  AuthLDAPBindDN cn=Manager,dc=example,dc=com
  AuthLDAPBindPassword secret
  AuthLDAPURL ldap://localhost:@PORT_LDAP_TEST@/dc=example,dc=com?uid?sub?(objectClass=*)
</AuthnProviderAlias>

# LDAP_START
<AuthnProviderAlias ldap companyldap>
  AuthLDAPBindDN "@LDAP_BINDDN@"
  AuthLDAPBindPassword @LDAP_PASSWORD@
  AuthLDAPURL @LDAP_URL@
</AuthnProviderAlias>
# LDAP_END

@xxx@你看到的都是模板占位符,我稍后用实际值替换)

然后我定义了我的VirtualHost(在与 gitweb 不同的端口上):

(提炼):

# GitHttp on @PORT_HTTP_HGIT@
Listen @PORT_HTTP_HGIT@
<VirtualHost @FQN@:@PORT_HTTP_HGIT@>
    ServerName @FQN@
    ServerAlias @HOSTNAME@

    SSLCertificateFile "@H@/apache/crt"
    SSLCertificateKeyFile "@H@/apache/key"
    SSLEngine on

    SetEnv GIT_PROJECT_ROOT @H@/repositories
    SetEnv GIT_HTTP_EXPORT_ALL
    SetEnv GITOLITE_HTTP_HOME @H@
    ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
    SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Location /hgit>
        SSLOptions +StdEnvVars
        Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
        #AllowOverride All
        order allow,deny
        Allow from all
        AuthName "LDAP authentication for Smart HTTP Git repositories"
        AuthType Basic
        AuthBasicProvider myldap companyldap
        AuthzLDAPAuthoritative Off
        Require valid-user
        AddHandler cgi-script cgi
    </Location>

</VirtualHost>

这里调用的是 gitolite,但是如果你直接调用 git-http-backend (这是一个来自 git 本身的脚本,与 gitolite 无关),你可以通过带有 LDAP 身份验证的 http(s) 不受限制地访问你的 git repo

ScriptAlias /hgit/ @H@/usr/local/apps/git/libexec/git-core/git-http-backend
于 2013-08-01T05:18:58.017 回答
0

希望你的问题得到解决。在我放弃并刚刚使用Bitnami 安装程序安装 GitLab 之前,我自己一直在使用 Git / Gitweb / gitolite 搞砸了几天

像一个魅力一样工作(一些小问题,但它让我大开眼界:如果你能找到一个好的“开箱即用”解决方案,不要尝试自己配置所有东西。

于 2014-01-29T16:31:09.833 回答