How to set up Git HTTP authentication using LDAP in Apache
Source: Internet. Editor: 程序博客网. Time: 2024/04/29 17:56
In an earlier article, I described setting up a Git server with gitolite, gitweb, SSH and HTTP auth using a passwd file. As an extension of that article, this one describes how to authenticate against LDAP instead, so that authentication becomes more seamless and you avoid the manual work of managing access when you already have LDAP for authenticating users.
Before changing the config, confirm that the ldap and authnz_ldap modules are available in Apache. You can check with the httpd -M command; the following should appear in the output:
************************************
$ httpd -M
.. ldap_module (shared)
authnz_ldap_module (shared)
************************************
If they are missing, install these modules and make sure you load them in your Apache config (usually /etc/httpd/conf/httpd.conf or /etc/apache2/apache2.conf) like this:
************************************************************************
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
************************************************************************
With these modules in place, we need to remove or comment out the following lines in our Git config file /etc/httpd/conf.d/git.conf (this corresponds to the Apache configuration file for gerrit):
************************************************************************
<Location />
AuthType Basic
AuthName "Private Git Access"
Require valid-user
AuthUserFile /var/www/gitweb/passfile
</Location>
************************************************************************
After removing or commenting out the above lines, put these lines in the file:
************************************************************************************************************
<Location "/">
AuthType Basic
AuthName "Git Authentication"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://<my ad server>:389/ou=xx,dc=xx,dc=xx,dc=com?sAMAccountName?sub?(objectClass=user)"
AuthLDAPBindDN <user>@<mydomain>
AuthLDAPBindPassword <user password>
Require valid-user
</Location>
************************************************************************************************************
Make sure to supply the correct LDAP URL and the name and password of one user, so that Apache can contact LDAP to retrieve authentication information. You also need to update gitolite.conf to manage authorization for Git repositories for LDAP users.
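As an added check (not part of the original article), the shell function below lints the LDAP block above: it flags an ldap:// URL with no TLS mode, a bind password stored inline, and an AuthzLDAPAuthoritative setting that does not fit the httpd series in use. The function name and finding labels are made up for this example. AuthzLDAPAuthoritative is an httpd 2.2 directive that was removed in 2.4, and the exec: form of AuthLDAPBindPassword needs httpd 2.4.5 or later.

```shell
#!/bin/sh
# Added example, not from the article: lint an Apache LDAP auth block on stdin.
# $1 = httpd series the config targets: 2.2 (as in the article) or 2.4.
lint_ldap_auth() {
    awk -v series="${1:-2.2}" '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    { d = tolower($1) }
    d == "authbasicprovider" && tolower($2) == "ldap" { provider = 1 }
    d == "authzldapauthoritative" { seen = 1; if (tolower($2) == "off") off = 1 }
    d == "authldapurl" {
        rest = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)
        if (substr(rest, 1, 1) == "\"") {      # quoted URL may contain spaces
            rest = substr(rest, 2); q = index(rest, "\"")
            url = substr(rest, 1, q - 1); mode = substr(rest, q + 1)
        } else { url = $2; mode = $3 }
        gsub(/[ \t]/, "", mode); mode = toupper(mode)
        # ldap:// sends the bind DN password and every user password in
        # cleartext unless SSL, TLS or STARTTLS follows the URL
        if (url ~ /^ldap:/ && mode !~ /^(SSL|TLS|STARTTLS)$/)
            print "CLEARTEXT_LDAP: use ldaps:// or append STARTTLS"
    }
    d == "authldapbindpassword" && $2 !~ /^exec:/ { print "INLINE_BIND_PASSWORD: keep file root-readable only" }
    END {
        if (!provider) print "NO_LDAP_PROVIDER: AuthBasicProvider ldap missing"
        if (series == "2.2" && !off)
            print "AUTHZ_NOT_OFF: article fix for declining to authorise"
        if (series == "2.4" && seen)
            print "AUTHZ_REMOVED: directive does not exist in httpd 2.4"
    }'
}

# The article's block, copied as published (placeholders included).
article_conf() {
cat <<'EOF'
<Location "/">
AuthType Basic
AuthName "Git Authentication"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://<my ad server>:389/ou=xx,dc=xx,dc=xx,dc=com?sAMAccountName?sub?(objectClass=user)"
AuthLDAPBindDN <user>@<mydomain>
AuthLDAPBindPassword <user password>
Require valid-user
</Location>
EOF
}

article_conf | lint_ldap_auth 2.2
```

Run against the real file with `lint_ldap_auth 2.2 < /etc/httpd/conf.d/git.conf`; no output means none of the checks fired.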
Common issues:
If authentication is not working, put the "LogLevel debug" option in your Apache VirtualHost and check the Apache error logs. If you notice the following error:
************************************************************************************************************************************************
[Wed Apr 18 15:02:13 2012] [debug] mod_authnz_ldap.c(454): [client xx.xx.xx.xx] [25749] auth_ldap authenticate: accepting user.name
[Wed Apr 18 15:02:13 2012] [debug] mod_authnz_ldap.c(821): [client xx.xx.xx.xx] [25749] auth_ldap authorise: declining to authorise
************************************************************************************************************************************************
Then make sure the AuthzLDAPAuthoritative off entry is present in the Apache Git config file; it is already mentioned above, in case you missed it.
If you notice "[User Not Found]" in the error log, check the user name again and make sure the user exists in the correct OU/group specified in the LDAP URL.
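The two checks from this section as an added example (not part of the original article): the function pairs an "accepting" line with a later "declining to authorise" line from the same httpd child and counts "[User Not Found]" lines. The function names, output labels and the last two sample log lines are constructed for illustration; the exact text around "[User Not Found]" is an assumption.

```shell
#!/bin/sh
# Added example, not from the article: triage mod_authnz_ldap lines from an
# Apache error log (2.2-style format, as quoted above). Reads the log on stdin.
triage_ldap_log() {
    awk '
    # mod_authnz_ldap prefixes its messages with the httpd child PID in brackets
    function pid_of(line,    s) {
        if (!match(line, /\[[0-9]+\] auth_ldap /)) return ""
        s = substr(line, RSTART + 1)
        return substr(s, 1, index(s, "]") - 1)
    }
    / auth_ldap authenticate: accepting / {      # LDAP authentication succeeded
        user = $0
        sub(/^.* auth_ldap authenticate: accepting /, "", user)
        accepted[pid_of($0)] = user
        next
    }
    / auth_ldap authorise: declining to authorise/ {
        p = pid_of($0)
        if (p in accepted) {                      # same child: authn ok, authz declined
            printf "AUTHZ_DECLINED user=%s pid=%s\n", accepted[p], p
            delete accepted[p]
        }
        next
    }
    tolower($0) ~ /user not found/ { notfound++ }
    END { if (notfound) printf "USER_NOT_FOUND lines=%d\n", notfound }'
}

# Lines 1-2 are the ones quoted in the article; lines 3-4 are constructed.
sample_log() {
cat <<'EOF'
[Wed Apr 18 15:02:13 2012] [debug] mod_authnz_ldap.c(454): [client xx.xx.xx.xx] [25749] auth_ldap authenticate: accepting user.name
[Wed Apr 18 15:02:13 2012] [debug] mod_authnz_ldap.c(821): [client xx.xx.xx.xx] [25749] auth_ldap authorise: declining to authorise
[Wed Apr 18 15:02:20 2012] [debug] mod_authnz_ldap.c(454): [client xx.xx.xx.xx] [25750] auth_ldap authenticate: accepting other.user
[Wed Apr 18 15:03:40 2012] [warn] [client xx.xx.xx.xx] [25751] auth_ldap authenticate: user no.such authentication failed; URI / [User Not Found]
EOF
}

sample_log | triage_ldap_log
```

An AUTHZ_DECLINED finding points at the AuthzLDAPAuthoritative setting; a USER_NOT_FOUND count points at the user name or the OU in the LDAP URL.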
Reposted from: http://linuxadminzone.com/how-to-setup-git-http-authentication-using-ldap-in-apache/