Hello all,
I try to setup the git-http-backend with apache webserver on my ubuntu
14.04 but it does not work as it should. I read the documention about this
on http://git-scm.com/docs/git-http-backend and also searched for it. But
something went wrong for me. So first of all my configuration.
ComputerA should host the "central" repository using git version 2.4.3 and
Apache/2.4.7. And this central repository should be accesable for anonymus
pull but push should be protected. The users are stored in a ldap
directory. So since public read and protected write is exactly what the doc
does in the example it should not be so hard I thought.
So here is my apache config:
SetEnv GIT_PROJECT_ROOT /srv/git/repositories
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]
<LocationMatch "^/git/">
Order Deny,Allow
Deny from env=AUTHREQUIRED
AuthType Basic
AuthName "Developer Login"
AuthBasicProvider ldap
AuthLDAPBindDN "cn=apache_service_user,dc=domain"
AuthLDAPBindPassword "secret"
AuthLDAPURL "ldap://ldap_server.domain/ou=Users,dc=domain?uid?sub";
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=developers_group,ou=Groups,dc=domain
Satisfy Any
</LocationMatch>
Beside the LDAP part and some path changes, prety the example config I
think.
So, with this config I have the following behavior.
1. pull work fine for everybody.
2. push does not work for anybody. No credentials are asked.
So for push I get the following respond:
fatal: unable to access 'http://server.domain/git/project/': The requested
URL returned error: 403
The doc tells that this is normal, since the git client never get's the
chance to ask for the credentials. So it tells, set "http.receivepack" and
this will work.
So I set the option to true in my bare repositorys config:
[http]
receivepack = true
But now, something strange happen. I have following behavior:
1. pull work fine for everybody.
2. push work for everybody. No credentials are asked.
So now I have a repository that is not protected at all. Just everybody can
read and write.
Well I have no idea what's the problem here. Maybe you guys can help?
Thanks for your time.
Tobi
--
You received this message because you are subscribed to the Google Groups "Git
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
