我正在尝试通过 Windows 服务器上的 apache 设置 git。我正在使用 msysgit 版本 1.7.7.1-preview20111027。我已经完成了大部分工作,但通过 http 推送并通过 Active Directory 进行身份验证是一个问题。
这是我的 httpd.conf:
<目录/>
全部允许
<目录C:/GitRepos>
AuthName“Git 存储库”
AuthType 基本
AuthBasicProvider ldap
AuthzLDAP权威
AuthLDAPUrl ldap://server/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN“CN=用户,OU=某个单元,DC=域,DC=com”
AuthLDAPBindPassword 密码
AuthLDAPGroupAttributeIsDN 关闭
AuthLDAPGroupAttribute 成员
需要 ldap 组 CN=ADGroup,OU=unit1,OU=unit2,DC=domain,DC=com
满足任意
SetEnv GIT_PROJECT_ROOT C:/GitRepos
SetEnv GIT_HTTP_EXPORT_ALL
# SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
信息/参考 | \
对象/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
; pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(上传|接收)-pack))$" \
"C:/Program Files (x86)/git/libexec/git-core/ git-http-backend.exe/$1"
AuthName“Git 存储库”
AuthType 基本
AuthBasicProvider ldap
AuthzLDAP权威
AuthLDAPUrl ldap://server/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN“CN=用户,OU=某个单元,DC=域,DC=com”
AuthLDAPBindPassword 密码
AuthLDAPGroupAttributeIsDN 关闭
AuthLDAPGroupAttribute 成员
需要 ldap 组 CN=ADGroup,OU=unit1,OU=unit1,DC=domain,DC=com
满足任意
如果我取消注释:
# SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
I can push over http, but a user can type anything in for a password and the ldap authorization doesn't limit the repositories to just the one Active Directory group.
我的设置是否不正确?
I'm trying to setup git through apache on a windows server. I'm using msysgit version 1.7.7.1-preview20111027. I've gotten most of it working but pushing over http and authenticating through Active Directory is an issue.
Here's my httpd.conf:
<Directory />
Allow from All
</Directory>
<Directory C:/GitRepos>
AuthName "Git Repositories"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPUrl ldap://server/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN "CN=User,OU=someunit,DC=domain,DC=com"
AuthLDAPBindPassword password
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute member
Require ldap-group CN=ADGroup,OU=unit1,OU=unit2,DC=domain,DC=com
Satisfy any
</Directory>
SetEnv GIT_PROJECT_ROOT C:/GitRepos
SetEnv GIT_HTTP_EXPORT_ALL
# SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
"C:/Program Files (x86)/git/libexec/git-core/git-http-backend.exe/$1"
<LocationMatch "^/.*/git-receive-pack$">
AuthName "Git Repositories"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPUrl ldap://server/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN "CN=User,OU=someunit,DC=domain,DC=com"
AuthLDAPBindPassword password
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute member
Require ldap-group CN=ADGroup,OU=unit1,OU=unit1,DC=domain,DC=com
Satisfy any
</LocationMatch>
If I uncomment:
# SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
I can push over http, but a user can type anything in for a password and the ldap authorization doesn't limit the repositories to just the one Active Directory group.
Are my settings incorrect?
发布评论
评论(2)
也许这个早期的线程可能会有所帮助:
有没有办法对 Git 服务器使用 Windows 身份验证(Active Directory)?
它没有回答您的确切问题,但可能提供使用 AD 身份验证的其他途径。
Perhaps this earlier thread may help:
Is there a way to use Windows Authentication (Active Directory) for a Git server?
It doesn't answer your exact question but may provide other avenues for using AD authentication.
我已经成功地通过 https 完成了它,但最好与 ssh 一起使用。
无论如何,我有一些关于俄语的文章:
I have succesfully made it over https, but its best working with ssh.
anyway I have some articles on russian: