Hi, To prevent unauthorized users from browsing your repositories, you need to do a couple of things:
- Set private_mode to true in config/gitorious.yml - Disable HTTP pull (these are anonymous by design, and a user could pull repos by guessing URLs). This is done by not serving the git.yourdomain.com alias to the site (which Gitorious uses for HTTP by default) - Disable git:// pulls. Same as above. This is achieved by simply not running the git daemon. Christian On Tue, Oct 25, 2011 at 18:25, Wari Wahab <[email protected]> wrote: > > 1. is there a way to prevent not authorized users of reading the source > code? > > Not sure if this would answer for number 2 or not, but number 1 is possible > if you allow 401 authentication in Apache. I've not tested this, so please > don't blame me if it totally fails on your side. > > For example, in your /etc/apache2/sites-available/gitorious (or > gitorious-ssl?), add the following in between the <VirtualHosts> bits: > > AuthBasicProvider ldap > AuthName "ldap auth" > AuthType Basic > AuthBasicAuthoritative Off > AuthLDAPURL "ldap:// > some-ldap-site.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=*)<http://some-ldap-site.company.com:389/dc=company,dc=com?sAMAccountName?sub?%28objectClass=*%29> > " > AuthLDAPBindDN "COMPANY\someaccounttoauthbind" > AuthLDAPBindPassword "this is a very secure password" > Require valid-user > > Of course you will probably need the required apache modules, namely > auth_ldap, and if you need a certain group to access, you probably need to > change the AuthLDAPURL line to something appropriate, or have AuthLDAPBindDN > to some user than can only authenticate some group of people. > > One problem with this though is that your user will have to login twice, > one to apache, and one to Gitorious. > > If Gitorious allows apache site authentications, i.e. the REMOTE_USER > variable to login, then authenication mechanisms can be made through apache, > NTLM, Kerberos, Mysql, LDAP, AD, etc. That would be sweet ;) > > Again, I've not tested this, but this is the kind of configuration we use > on SVN and other services. > > > On Tue, Oct 25, 2011 at 11:24 PM, IronMania <[email protected]>wrote: > >> Hi, >> >> 1. is there a way to prevent not authorized users of reading the >> source code? >> 2. if there is a way, could that be "easily" combined with LDAP user >> groups? >> >> Thank you for your Help! >> Joerg >> >> -- >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> > > -- > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > -- MVH Christian -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected]
