Am Dienstag, 16. Juni 2015 19:07:08 UTC+2 schrieb tobias zellner:
>
> Hello all,
>
> I try to setup the git-http-backend with apache webserver on my ubuntu
> 14.04 but it does not work as it should. I read the documention about this
> on http://git-scm.com/docs/git-http-backend and also searched for it. But
> something went wrong for me. So first of all my configuration.
> ComputerA should host the "central" repository using git version 2.4.3 and
> Apache/2.4.7. And this central repository should be accesable for
> anonymus pull but push should be protected. The users are stored in a ldap
> directory. So since public read and protected write is exactly what the doc
> does in the example it should not be so hard I thought.
>
> So here is my apache config:
> SetEnv GIT_PROJECT_ROOT /srv/git/repositories
> SetEnv GIT_HTTP_EXPORT_ALL
> ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
>
> RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
> RewriteCond %{REQUEST_URI} /git-receive-pack$
> RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]
>
> <LocationMatch "^/git/">
> Order Deny,Allow
> Deny from env=AUTHREQUIRED
>
> AuthType Basic
> AuthName "Developer Login"
> AuthBasicProvider ldap
> AuthLDAPBindDN "cn=apache_service_user,dc=domain"
> AuthLDAPBindPassword "secret"
> AuthLDAPURL "ldap://ldap_server.domain/ou=Users,dc=domain
> ?uid?sub"
> AuthLDAPGroupAttribute memberUid
> AuthLDAPGroupAttributeIsDN off
> Require ldap-group cn=developers_group,ou=Groups,dc=domain
>
> Satisfy Any
> </LocationMatch>
>
> Beside the LDAP part and some path changes, prety the example config I
> think.
>
> So, with this config I have the following behavior.
>
> 1. pull work fine for everybody.
> 2. push does not work for anybody. No credentials are asked.
>
> So for push I get the following respond:
> fatal: unable to access 'http://server.domain/git/project/': The
> requested URL returned error: 403
>
> The doc tells that this is normal, since the git client never get's the
> chance to ask for the credentials. So it tells, set "http.receivepack"
> and this will work.
>
> So I set the option to true in my bare repositorys config:
> [http]
> receivepack = true
>
> But now, something strange happen. I have following behavior:
>
> 1. pull work fine for everybody.
> 2. push work for everybody. No credentials are asked.
>
> So now I have a repository that is not protected at all. Just everybody
> can read and write.
>
> Well I have no idea what's the problem here. Maybe you guys can help?
> Thanks for your time.
> Tobi
>
Hello all,
well I found my problem. I just did not enable the rewrite engine. So the
working solution looks now like below:
RewriteEngine on
SetEnv GIT_PROJECT_ROOT /srv/git/repositories
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]
<LocationMatch "^/git/">
Order Deny,Allow
Deny from env=AUTHREQUIRED
AuthType Basic
AuthName "Developer Login"
AuthBasicProvider ldap
AuthLDAPBindDN "cn=apache_service_user,dc=domain"
AuthLDAPBindPassword "secret"
AuthLDAPURL "ldap://ldap_server.domain/ou=Users,dc=domain?uid?sub";
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=developers_group,ou=Groups,dc=domain
Satisfy Any
</LocationMatch>
Well stupid problem, simple solution. And well it works now with and
without "receivepack".
So thanks again for your time.
Tobi
--
You received this message because you are subscribed to the Google Groups "Git
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
