Sorry... by "set private_mode to true" I meant "set public_mode to false" :)
On Tue, Oct 25, 2011 at 19:44, Christian Johansen <[email protected]> wrote:

> Hi,
>
> To prevent unauthorized users from browsing your repositories, you need to
> do a couple of things:
>
> - Set private_mode to true in config/gitorious.yml
> - Disable HTTP pull (these are anonymous by design, and a user could
>   pull repos by guessing URLs). This is done by not serving the
>   git.yourdomain.com alias to the site (which Gitorious uses for HTTP by
>   default)
> - Disable git:// pulls. Same as above. This is achieved by simply not
>   running the git daemon.
>
> Christian
>
> On Tue, Oct 25, 2011 at 18:25, Wari Wahab <[email protected]> wrote:
>
>> > 1. is there a way to prevent not authorized users of reading the source code?
>>
>> Not sure if this would answer for number 2 or not, but number 1 is
>> possible if you allow 401 authentication in Apache. I've not tested this, so
>> please don't blame me if it totally fails on your side.
>>
>> For example, in your /etc/apache2/sites-available/gitorious (or
>> gitorious-ssl?), add the following in between the <VirtualHosts> bits:
>>
>>     AuthBasicProvider ldap
>>     AuthName "ldap auth"
>>     AuthType Basic
>>     AuthBasicAuthoritative Off
>>     AuthLDAPURL "ldap://some-ldap-site.company.com:389/dc=company,dc=com?sAMAccountName?sub?(objectClass=*)"
>>     AuthLDAPBindDN "COMPANY\someaccounttoauthbind"
>>     AuthLDAPBindPassword "this is a very secure password"
>>     Require valid-user
>>
>> Of course you will probably need the required apache modules, namely
>> auth_ldap, and if you need a certain group to access, you probably need to
>> change the AuthLDAPURL line to something appropriate, or have AuthLDAPBindDN
>> to some user that can only authenticate some group of people.
>>
>> One problem with this though is that your user will have to login twice,
>> one to apache, and one to Gitorious.
>>
>> If Gitorious allows apache site authentications, i.e. the REMOTE_USER
>> variable to login, then authentication mechanisms can be made through apache,
>> NTLM, Kerberos, Mysql, LDAP, AD, etc. That would be sweet ;)
>>
>> Again, I've not tested this, but this is the kind of configuration we use
>> on SVN and other services.
>>
>> On Tue, Oct 25, 2011 at 11:24 PM, IronMania <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> 1. is there a way to prevent not authorized users of reading the
>>>    source code?
>>> 2. if there is a way, could that be "easily" combined with LDAP user
>>>    groups?
>>>
>>> Thank you for your Help!
>>> Joerg
>>>
>>> --
>>> To post to this group, send email to [email protected]
>>> To unsubscribe from this group, send email to [email protected]
>
> --
> MVH
> Christian

--
MVH
Christian
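
The three settings from Christian's list (with `public_mode` as corrected in the top message), written as checks over captured text. This is an added example, not part of the original thread or Gitorious's own code. It assumes the HTTP clone hostname appears as a `ServerName`/`ServerAlias` in the Apache vhost and that git:// uses its default port 9418; the hostnames and all sample inputs are constructed.

```bash
#!/usr/bin/env bash
# Added example: check captured config/socket text for the three settings.

# 1. public_mode must be explicitly false (a missing key is treated as a failure).
public_mode_disabled() {            # $1 = contents of config/gitorious.yml
  local values
  values=$(printf '%s\n' "$1" |
    sed -n 's/^[[:space:]]*public_mode:[[:space:]]*\([A-Za-z]*\).*/\1/p')
  [ -n "$values" ] || return 1
  ! printf '%s\n' "$values" | grep -qiv '^false$'
}

# 2. The HTTP clone hostname must not be served by the vhost.
http_clone_alias_absent() {         # $1 = vhost text, $2 = clone hostname
  ! printf '%s\n' "$1" |
    grep -Ei '^[[:space:]]*Server(Name|Alias)[[:space:]]' |
    grep -Fqiw -- "$2"
}

# 3. Nothing may listen on the git:// port (9418 by default).
git_daemon_closed() {               # $1 = output of `ss -ltn`
  ! printf '%s\n' "$1" | grep -Eq '[:.]9418[[:space:]]'
}

# Run all three; the return status is the number of failed checks.
audit() {                           # $1 yml, $2 vhost, $3 ss output, $4 clone host
  local fails=0
  public_mode_disabled "$1" || { echo "FAIL: public_mode is not false"; fails=$((fails + 1)); }
  http_clone_alias_absent "$2" "$4" || { echo "FAIL: vhost serves $4"; fails=$((fails + 1)); }
  git_daemon_closed "$3" || { echo "FAIL: listener on port 9418"; fails=$((fails + 1)); }
  return "$fails"
}

# Constructed sample inputs (not from a real server).
OPEN_YML='production:
  public_mode: true'
OPEN_VHOST='ServerName gitorious.example.test
ServerAlias git.example.test'
OPEN_SS='LISTEN 0 128 0.0.0.0:9418 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*'
HARDENED_YML='production:
  public_mode: false'
HARDENED_VHOST='ServerName gitorious.example.test'
HARDENED_SS='LISTEN 0 128 0.0.0.0:443 0.0.0.0:*'

audit "$OPEN_YML" "$OPEN_VHOST" "$OPEN_SS" git.example.test || echo "open sample: $? failed"
audit "$HARDENED_YML" "$HARDENED_VHOST" "$HARDENED_SS" git.example.test && echo "hardened sample: ok"
```

On a live host the same functions can be fed `"$(cat config/gitorious.yml)"`, the vhost file contents and `"$(ss -ltn)"`.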
