> 1. is there a way to prevent not authorized users of reading the source code?
Not sure if this would answer for number 2 or not, but number 1 is possible if you allow 401 authentication in Apache. I've not tested this, so please don't blame me if it totally fails on your side. For example, in your /etc/apache2/sites-available/gitorious (or gitorious-ssl?), add the following in between the <VirtualHosts> bits: AuthBasicProvider ldap AuthName "ldap auth" AuthType Basic AuthBasicAuthoritative Off AuthLDAPURL "ldap:// some-ldap-site.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=*) " AuthLDAPBindDN "COMPANY\someaccounttoauthbind" AuthLDAPBindPassword "this is a very secure password" Require valid-user Of course you will probably need the required apache modules, namely auth_ldap, and if you need a certain group to access, you probably need to change the AuthLDAPURL line to something appropriate, or have AuthLDAPBindDN to some user than can only authenticate some group of people. One problem with this though is that your user will have to login twice, one to apache, and one to Gitorious. If Gitorious allows apache site authentications, i.e. the REMOTE_USER variable to login, then authenication mechanisms can be made through apache, NTLM, Kerberos, Mysql, LDAP, AD, etc. That would be sweet ;) Again, I've not tested this, but this is the kind of configuration we use on SVN and other services. On Tue, Oct 25, 2011 at 11:24 PM, IronMania <[email protected]>wrote: > Hi, > > 1. is there a way to prevent not authorized users of reading the > source code? > 2. if there is a way, could that be "easily" combined with LDAP user > groups? > > Thank you for your Help! > Joerg > > -- > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected]
