Home/ Questions/Q 7576649
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T16:58:24+00:00

I’m running a SVN repo server with ldap/file auth. This let me filter which

  • 0

I’m running a SVN repo server with ldap/file auth. This let me filter which users will access each of the repositories in the server.

Now I’m planning to migrate to GIT and I’ve already get GIT running through Apache/LDAP, but I cannot manage to get users filtered as I have on SVN.

Is there a way to achieve this?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can replicate the same authentication mechnism (LDAP auth, declared in your httpd.conf) if you are calling the smart http mechanism behind, as described in “Setting up GIT with Apache Smart HTTP/S and LDAP“.

    Note that this is different from the authorization part, as explained in Gitolite: authorization vs. authentication, and explained in “Using LDAP as auth method to manage git repositories“.

    I prefer to use LDAP aliases in order to reference that authentication server multiple times:

    <AuthnProviderAlias ldap myldap>
  AuthLDAPBindDN cn=Manager,dc=example,dc=com
  AuthLDAPBindPassword secret
  AuthLDAPURL ldap://localhost:9011/dc=example,dc=com?uid?sub?(objectClass=*)
</AuthnProviderAlias>

    Here is an example of a config (with SSL in place) using LDAP:

    <VirtualHost itsvcprdgit.world.company:8453>
    ServerName itsvcprdgit.world.company
    ServerAlias itsvcprdgit

    SSLCertificateFile "/home/auser/compileEverything/apache/itsvcprdgit.world.company.crt"
    SSLCertificateKeyFile "/home/auser/compileEverything/apache/itsvcprdgit.world.company.key"
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    SetEnv GIT_PROJECT_ROOT /home/auser/compileEverything/repositories
    SetEnv GIT_HTTP_EXPORT_ALL

    ScriptAlias /mygit/ /path/to/git-http-backend/
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Location /mygit>
        SSLOptions +StdEnvVars
        Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
        #AllowOverride All
        order allow,deny
        Allow from all

        AuthName "LDAP authentication for ITSVC Smart HTTP Git repositories"
        AuthType Basic
        AuthBasicProvider myldap
        AuthzLDAPAuthoritative On

        Require valid-user
        AddHandler cgi-script cgi
    </Location>
    BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
    CustomLog "/home/auser/compileEverything/apache/githttp_ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    ErrorLog "/home/auser/compileEverything/apache/githttp_error_log"
    TransferLog "/home
</VirtualHost>
    • 0