问题描述
我是 Git 新手,正在尝试安装 Git、Gitolite 和 Gitweb,并与 LDAP 一起使用.到目前为止,我们已经让 Gitweb 使用 LDAP.我已经查看了许多发布在网络上的帖子和指南,但还没有找到解决方案.这是在带有 Apache 2.2.22 的 Ubuntu 12.04.2 服务器上.我不是任何这些技术的专家,所以如果我遗漏了一些明显的东西,请告诉我.:)
I'm new to Git and trying to get an installation of Git, Gitolite, and Gitweb working with LDAP. So far, we have Gitweb working with LDAP. I've reviewed many posts and guides posted around the web, but have not found a solution yet. This is on an Ubuntu 12.04.2 server with Apache 2.2.22. I'm not an expert in any of these technologies, so if I'm missing something obvious please let me know. :)
我的网站文件包含:
<VirtualHost *:80>
ServerAdmin admin
ServerName myserver
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
DocumentRoot /home/git/myserver/http/
<Directory /home/git/myserver/http/>
</Directory>
ErrorLog /home/git/myserver/logs/error.log
CustomLog /home/git/myserver/logs/access.log combined
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
AssignUserID git git
</VirtualHost>
<VirtualHost myserver:443>
ServerAdmin me
ServerName myserver
DocumentRoot /usr/share/gitweb/
<Directory /usr/share/gitweb/>
AuthBasicProvider ldap
AuthType Basic
AuthName "Git Server"
AuthLDAPURL "ldaps://myldap:636/DC=XX,DC=com?sAMAccountName?sub?(objectClass=user)" NONE
AuthLDAPBindDN "CN=User,OU=Service Accounts,DC=XX,DC=com"
AuthLDAPBindPassword "password"
### If you need them to be just a member of the domain, use this:
#require ldap-attribute objectClass=user
### Group based authentication. Users should be part of the group exactly, and not nested inside other groups
require ldap-group CN=XX,OU=Groups,DC=nov,DC=com
require ldap-group CN=YY,OU=Security Mail Enabled,OU=Groups,DC=XX,DC=com
</Directory>
ErrorLog /home/git/myserver/logs/error.log
CustomLog /home/git/myserver/logs/access.log combined
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
AssignUserID git git
SSLEngine On
SSLCertificateFile /etc/ssl/apache/myserver.cer
SSLCertificateKeyFile /etc/ssl/apache/myserver.key
</VirtualHost>
我的 gitweb.conf 文件:
My gitweb.conf file:
# path to git projects (<project>.git)
$projectroot = "/var/lib/gitolite/repositories";
# directory to use for temp files
$git_temp = "/tmp";
$site_name = "Git";
# target of the home link on top of all pages
#$home_link = $my_uri || "/";
# html text to include at home page
#$home_text = "indextext.html";
# file with project list; by default, simply scan the projectroot dir.
$projects_list = "/var/lib/gitolite/projects.list";
@git_base_url_list = qw(ssh://gitolite@myip);
# stylesheet to use
#@stylesheets = ("static/gitweb.css");
# javascript code for gitweb
#$javascript = "static/gitweb.js";
# logo to use
#$logo = "static/git-logo.png";
# the 'favicon'
#$favicon = "static/git-favicon.png";
# git-diff-tree(1) options to use for generated patches
#@diff_opts = ("-M");
@diff_opts = ();
$feature{'highlight'}{'default'} = [1];
还有我的 conf.d/gitweb 文件:
And my conf.d/gitweb file:
Alias /gitweb /usr/share/gitweb
<Directory /usr/share/gitweb>
Options FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>
非常感谢任何想法或建议.
Any thoughts or suggestions are much appreciated.
谢谢!
推荐答案
带有 LDAP 的 Git(git 本身,而不是 gitweb)正是我在项目中所做的:
请参阅我的 httpd.conf
Git with LDAP (git itself, not gitweb) is precisely what I do in my project:
See my httpd.conf
我首先定义了几个 LDAP 别名(如果需要,您可以针对 几个 LDAP 进行身份验证):
I define first a couple of LDAP aliases (you can authenticate against several LDAP if you want):
<AuthnProviderAlias ldap myldap>
AuthLDAPBindDN cn=Manager,dc=example,dc=com
AuthLDAPBindPassword secret
AuthLDAPURL ldap://localhost:@PORT_LDAP_TEST@/dc=example,dc=com?uid?sub?(objectClass=*)
</AuthnProviderAlias>
# LDAP_START
<AuthnProviderAlias ldap companyldap>
AuthLDAPBindDN "@LDAP_BINDDN@"
AuthLDAPBindPassword @LDAP_PASSWORD@
AuthLDAPURL @LDAP_URL@
</AuthnProviderAlias>
# LDAP_END
(您看到的所有 @xxx@ 都是模板占位符,我稍后会用实际值替换)
(All the @xxx@ you see are template placeholders that I replace with actual values later)
然后我定义我的 VirtualHost(在与 gitweb 使用的端口不同的端口上):
Then I define my VirtualHost (on a different port than the one used for gitweb):
(摘录):
# GitHttp on @PORT_HTTP_HGIT@
Listen @PORT_HTTP_HGIT@
<VirtualHost @FQN@:@PORT_HTTP_HGIT@>
ServerName @FQN@
ServerAlias @HOSTNAME@
SSLCertificateFile "@H@/apache/crt"
SSLCertificateKeyFile "@H@/apache/key"
SSLEngine on
SetEnv GIT_PROJECT_ROOT @H@/repositories
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GITOLITE_HTTP_HOME @H@
ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
<FilesMatch ".(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Location /hgit>
SSLOptions +StdEnvVars
Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
#AllowOverride All
order allow,deny
Allow from all
AuthName "LDAP authentication for Smart HTTP Git repositories"
AuthType Basic
AuthBasicProvider myldap companyldap
AuthzLDAPAuthoritative Off
Require valid-user
AddHandler cgi-script cgi
</Location>
</VirtualHost>
这里是调用gitolite,但是如果你直接调用git-http-backend(这是一个来自git的脚本本身,与 gitolite 无关),您可以通过带有 LDAP 身份验证的 http(s) 不受限制地访问您的 git 存储库
Here this is calling gitolite, but if you call directly git-http-backend (which is a script from git itself, nothing to do with gitolite), you would give unrestricted access to your git repo, through http(s) with LDAP authentication
ScriptAlias /hgit/ @H@/usr/local/apps/git/libexec/git-core/git-http-backend
这篇关于带有 Apache 的 Ubuntu 上的 Git 和 Ldap的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!