William Muriithi wrote:
I have set up gitolite3 and its working fine when I connect to it
through ssh. I am using LDAP (FreeIPA) for authorization.
When I connect through http/https, I am authenticated, but I believe
authorization is not working. I have not been able to figure how to
work around it..
git clone http://will...@git1.example.com/git/Design.git
But after Apache authenticate me, it passes will...@example.loc not
william to gitolite. When the name will...@example.loc is passed to
the group searching script, it returns null and hence the error below
2013-05-29.14:51:19 12567 access(Design,
will...@example.loc, R, 'any'),-> R any Design will...@example.loc
DENIED by fallthru
2013-05-29.14:51:19 12567 trigger,Writable,access_1,
ACCESS_1,Design,will...@example.loc,R,any,R any Design
will...@example.loc DENIED by fallthru
2013-05-29.14:51:19 12567 die R any Design
will...@example.loc DENIED by fallthru<<newline>>(or you mis-spelled
The question is, how would I coerce apache or kerberos to pass
gitolite only section before the @ character?
With mod_auth_kerb >= 5.4 you can use KrbLocalUserMapping on to strip
Freeipa-users mailing list