Re: [git-users] Re: git-http-backend on apache for public pull and private push?

2015-06-19 Thread Konstantin Khomoutov
On Wed, 17 Jun 2015 14:27:48 -0700 (PDT)
tobias zellner tobias.zellne...@googlemail.com wrote:

[...]
  But now, something strange happens. I have the following behavior:
 
 1. pull works fine for everybody. 
 2. push works for everybody. No credentials are asked.
 
  So now I have a repository that is not protected at all. Just
  everybody can read and write. 
[...]
 well I found my problem. I just did not enable the rewrite engine.
 So the working solution looks now like below:
[...]
 Well stupid problem, simple solution. And well it works now with and 
 without receivepack.

Thanks for the status update!

Starters of the threads which did not receive any responses tend to
crawl back into the hole and do not show up with comments -- possibly
thinking that if no one got interested no one will be interested in the
update.  IMO this is flat out wrong -- in part because we're indexed by
web search engines and in part because not everyone among those who did
not respond were uninterested or did not understand the question; they
might just have been unable to help, like I was, for instance.

And now we have a problem and the solution in this thread -- to save the
next guy who manages to google this. ;-)

-- 
You received this message because you are subscribed to the Google Groups Git 
for human beings group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[git-users] Re: git-http-backend on apache for public pull and private push?

2015-06-17 Thread tobias zellner


On Tuesday, 16 June 2015 at 19:07:08 UTC+2, tobias zellner wrote:

 Hello all,

 I try to set up the git-http-backend with apache webserver on my ubuntu 
 14.04 but it does not work as it should. I read the documentation about this 
 on http://git-scm.com/docs/git-http-backend and also searched for it. But 
 something went wrong for me. So first of all my configuration.
 ComputerA should host the central repository using git version 2.4.3 and 
 Apache/2.4.7. And this central repository should be accessible for 
 anonymous pull but push should be protected. The users are stored in a ldap 
 directory. So since public read and protected write is exactly what the doc 
 does in the example it should not be so hard I thought. 

 So here is my apache config:
 SetEnv GIT_PROJECT_ROOT /srv/git/repositories
 SetEnv GIT_HTTP_EXPORT_ALL
 ScriptAlias /git/ /usr/lib/git-core/git-http-backend/

 RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
 RewriteCond %{REQUEST_URI} /git-receive-pack$
 RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]
 
 <LocationMatch "^/git/">
     Order Deny,Allow
     Deny from env=AUTHREQUIRED

     AuthType Basic
     AuthName "Developer Login"
     AuthBasicProvider ldap
     AuthLDAPBindDN cn=apache_service_user,dc=domain
     AuthLDAPBindPassword secret
     AuthLDAPURL "ldap://ldap_server.domain/ou=Users,dc=domain?uid?sub"
     AuthLDAPGroupAttribute memberUid
     AuthLDAPGroupAttributeIsDN off
     Require ldap-group cn=developers_group,ou=Groups,dc=domain

     Satisfy Any
 </LocationMatch>

 Besides the LDAP part and some path changes, pretty much the example config I 
 think. 

 So, with this config I have the following behavior. 

1. pull works fine for everybody. 
2. push does not work for anybody. No credentials are asked.

 So for push I get the following response:
 fatal: unable to access 'http://server.domain/git/project/': The 
 requested URL returned error: 403

 The doc tells that this is normal, since the git client never gets the 
 chance to ask for the credentials. So it tells, set http.receivepack 
 and this will work. 

 So I set the option to true in my bare repository's config:
 [http]
  receivepack = true

 But now, something strange happens. I have the following behavior:

1. pull works fine for everybody. 
2. push works for everybody. No credentials are asked.

 So now I have a repository that is not protected at all. Just everybody 
 can read and write. 

 Well I have no idea what's the problem here. Maybe you guys can help?
 Thanks for your time.
 Tobi


Hello all,

well I found my problem. I just did not enable the rewrite engine.  So the 
working solution looks now like below:

# Without this, the RewriteCond/RewriteRule lines below are ignored.
RewriteEngine on

SetEnv GIT_PROJECT_ROOT /srv/git/repositories
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/

# Flag push requests: the receive-pack ref advertisement and the push itself.
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]

<LocationMatch "^/git/">
    # Flagged requests fail the host check, so "Satisfy Any" falls back to LDAP auth.
    Order Deny,Allow
    Deny from env=AUTHREQUIRED

    AuthType Basic
    AuthName "Developer Login"
    AuthBasicProvider ldap
    AuthLDAPBindDN cn=apache_service_user,dc=domain
    AuthLDAPBindPassword secret
    AuthLDAPURL "ldap://ldap_server.domain/ou=Users,dc=domain?uid?sub"
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN off
    Require ldap-group cn=developers_group,ou=Groups,dc=domain

    Satisfy Any
</LocationMatch>

Well stupid problem, simple solution. And well it works now with and 
without receivepack.

So thanks again for your time.
Tobi
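
Added example, not part of the original posts: a small check that probes a repository URL without credentials and tells apart the three states seen in this thread (push answered with 401, push refused with 403 and no credential prompt, push open to everybody). The function names are made up for this example; the script assumes curl is installed.

```shell
#!/bin/sh
# Check that a git-http-backend URL allows anonymous fetch but asks for
# credentials on push. Added example; function names are hypothetical.

# Verdict for the unauthenticated receive-pack ref advertisement.
classify_push() {
    case "$1" in
        401) echo "protected" ;;             # auth challenge: client can prompt
        403) echo "refused-no-challenge" ;;  # backend refused, auth rule did not fire
        200) echo "OPEN" ;;                  # anonymous push is accepted
        *)   echo "unknown" ;;
    esac
}

# Verdict for the unauthenticated upload-pack ref advertisement.
classify_fetch() {
    case "$1" in
        200) echo "public" ;;
        401) echo "auth-required" ;;
        *)   echo "unknown" ;;
    esac
}

# Print only the HTTP status of the smart-HTTP ref advertisement.
# $1 = repository URL, $2 = git-upload-pack or git-receive-pack
probe_status() {
    curl -s -o /dev/null -w '%{http_code}' "${1%/}/info/refs?service=$2"
}

# Succeeds only for public fetch combined with protected push.
# $1 = fetch status, $2 = push status
verdict() {
    f=$(classify_fetch "$1")
    p=$(classify_push "$2")
    echo "fetch=$f push=$p"
    [ "$f" = "public" ] && [ "$p" = "protected" ]
}

# Probe the server only when a repository URL is given on the command line.
if [ $# -ge 1 ]; then
    verdict "$(probe_status "$1" git-upload-pack)" \
            "$(probe_status "$1" git-receive-pack)"
fi
```

Run it with the repository URL as the only argument, for example the http://server.domain/git/project/ URL from the error message above; a non-zero exit status means the setup is not "public pull, private push".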
