Gitolite with http access over LDAP does not pass username

I am trying to set up a git server to:

  • http-access to be able to clone repositories like this:

    git clone http://mygitserver/repository

  • have a web interface (gitweb) if possible with user restrictions

  • access control based on LDAP accounts

As long as I have gitweb; when I access

http://gitserver/

      

It asks for the LDAP username, and when I provide that, it shows all repositories (even the gitolite-admin repository ... not very good)

When I try to clone, I get an error:

fatal: http://gitserver/<reponame>.git/info/refs not valid: is this a git repository?

      

I dug into it and found out that gitolite-suexec-wrapper.sh is not getting the LDAP username, so gitolite cannot grant access as the username is empty ... any ideas?

Here is my config:

My apache config file looks like this: http://gitolite.com/gitolite/g2/ggshb.html . The most interesting part:

ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
                        info/refs | \
                        objects/(info/[^/]+ | \
                                 [0-9a-f]{2}/[0-9a-f]{38} | \
                                 pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                        git-(upload|receive)-pack))$" \
        /srv/www/bin/gitolite-suexec-wrapper.sh/$1

      

For one reason or another the $1 parameter is not passed or is empty ... In the Apache log I get the following lines:

10.1.86.100 - - [22/Jan/2014:18:09:52 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 401 - "-" "git/1.8.4"
10.1.86.100 - - [22/Jan/2014:18:09:57 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 401 - "-" "git/1.8.4"
10.1.86.100 - chris.maes [22/Jan/2014:18:09:57 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 200 120 "-" "git/1.8.4"

      

Oh yeah; my environment: openSUSE 13.1, gitolite 2.3.1, git 1.8.4

+1




1 answer


Two solutions:

1 / Apache + ldap calling gitolite-shell

(gitolite V3)



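    # gitolite V3: every request under /hgit/ runs gitolite-shell as a CGI
    ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
    SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Location /hgit>
        SSLOptions +StdEnvVars
        Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
        #AllowOverride All
        order allow,deny
        Allow from all
        AuthName "LDAP authentication for ITSVC Smart HTTP Git repositories"
        AuthType Basic
        # myldap and companyldap are provider aliases, defined elsewhere
        # in <AuthnProviderAlias ldap ...> blocks
        AuthBasicProvider myldap companyldap
        # Without a Require directive Apache never authenticates the
        # request, and REMOTE_USER reaches gitolite-shell empty
        Require valid-user
    </Location>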

      

2 / Or GitLab, which had LDAP authentication: "configuring gitlab LDAP authentication without a dedicated gitlab user"
See the ldap section of the config gitlab.yml.

+1
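
A fail-closed guard for the CGI wrapper, covering the failure described in the question (the wrapper receiving an empty user name). This is an added example, not code from the question, the answer or gitolite; the function names, the allowed-character set and the GITOLITE_SHELL path are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed guard for a git smart-HTTP CGI wrapper.
# GITOLITE_SHELL is a placeholder path (assumption); set it for your install.
GITOLITE_SHELL="${GITOLITE_SHELL:-/path/to/gitolite-shell}"

# Print the user Apache authenticated, or return non-zero.
# After an internal redirect Apache prefixes variables with REDIRECT_,
# so that name is checked as a fallback.
resolve_remote_user() {
    user="${REMOTE_USER:-${REDIRECT_REMOTE_USER:-}}"
    case "$user" in
        "")                 return 1 ;;  # nothing authenticated this request
        *[!A-Za-z0-9._@-]*) return 2 ;;  # outside the assumed uid alphabet
    esac
    printf '%s\n' "$user"
}

# Send a CGI error to the client and a diagnostic line to the error log.
deny() {
    echo "git-wrapper: $1 (PATH_INFO=${PATH_INFO:-unset}," \
         "AUTH_TYPE=${AUTH_TYPE:-unset})" >&2
    printf 'Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n%s\n' "$1"
}

# Return 0 with REMOTE_USER exported only when a usable user name arrived.
guard_request() {
    rc=0
    user=$(resolve_remote_user) || rc=$?
    case "$rc" in
        0) REMOTE_USER="$user"; export REMOTE_USER; return 0 ;;
        1) deny "no authenticated user reached the wrapper" ;;
        *) deny "user name rejected" ;;
    esac
    return 1
}

# Apache sets GATEWAY_INTERFACE for CGI requests; only then hand over.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    guard_request && exec "$GITOLITE_SHELL"
fi
```

A 403 from this guard with AUTH_TYPE=unset in the error log means the request was never authenticated for that path, which points at the Apache auth block rather than at gitolite.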

