Git with Ldap on Ubuntu with Apache

無奈伤痛 2020-12-06 08:55

I'm new to Git and trying to get an installation of Git, Gitolite, and Gitweb working with LDAP. So far, we have Gitweb working with LDAP. I've reviewed many posts and g

2 answers
  • 2020-12-06 09:33

    Git with LDAP (git itself, not gitweb) is precisely what I do in my project:
    See my httpd.conf

    I define first a couple of LDAP aliases (you can authenticate against several LDAP if you want):

    <AuthnProviderAlias ldap myldap>
      AuthLDAPBindDN cn=Manager,dc=example,dc=com
      AuthLDAPBindPassword secret
      AuthLDAPURL ldap://localhost:@PORT_LDAP_TEST@/dc=example,dc=com?uid?sub?(objectClass=*)
    </AuthnProviderAlias>
    
    # LDAP_START
    <AuthnProviderAlias ldap companyldap>
      AuthLDAPBindDN "@LDAP_BINDDN@"
      AuthLDAPBindPassword @LDAP_PASSWORD@
      AuthLDAPURL @LDAP_URL@
    </AuthnProviderAlias>
    # LDAP_END
    

    (All the @xxx@ you see are template placeholders that I replace with actual values later)

    Then I define my VirtualHost (on a different port than the one used for gitweb):

    (extract):

    # GitHttp on @PORT_HTTP_HGIT@
    Listen @PORT_HTTP_HGIT@
    <VirtualHost @FQN@:@PORT_HTTP_HGIT@>
        ServerName @FQN@
        ServerAlias @HOSTNAME@
    
        SSLCertificateFile "@H@/apache/crt"
        SSLCertificateKeyFile "@H@/apache/key"
        SSLEngine on
    
        SetEnv GIT_PROJECT_ROOT @H@/repositories
        SetEnv GIT_HTTP_EXPORT_ALL
        SetEnv GITOLITE_HTTP_HOME @H@
        ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
        SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
          SSLOptions +StdEnvVars
        </FilesMatch>
        <Location /hgit>
            SSLOptions +StdEnvVars
            Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
            #AllowOverride All
            order allow,deny
            Allow from all
            AuthName "LDAP authentication for Smart HTTP Git repositories"
            AuthType Basic
            AuthBasicProvider myldap companyldap
            AuthzLDAPAuthoritative Off
            Require valid-user
            AddHandler cgi-script cgi
        </Location>
    
    </VirtualHost>
    

    Here this is calling gitolite, but if you call git-http-backend directly (which is a script from git itself, nothing to do with gitolite), you would give unrestricted access to your git repo, through http(s) with LDAP authentication:

    ScriptAlias /hgit/ @H@/usr/local/apps/git/libexec/git-core/git-http-backend
    
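An added example, not part of the original answer: a small check to run over the rendered httpd.conf before reloading Apache. It flags `@xxx@` placeholders that were never replaced, a `ScriptAlias` that calls git-http-backend directly (the unrestricted-access case the answer describes), and a VirtualHost that uses Basic authentication without `SSLEngine on`. The finding names and the sample hosts, ports and paths are assumptions made for the illustration.

```python
import re

# Constructed sample (not from the page): hosts, ports and paths are made up.
SAMPLE = """\
<AuthnProviderAlias ldap companyldap>
  AuthLDAPBindPassword @LDAP_PASSWORD@
</AuthnProviderAlias>
<VirtualHost git.example.com:8443>
    SSLEngine on
    # ScriptAlias /hgit/ /home/git/sbin/gitolite-shell/
    ScriptAlias /hgit/ /home/git/libexec/git-core/git-http-backend
    <Location /hgit>
        AuthType Basic
        Require valid-user
    </Location>
</VirtualHost>
<VirtualHost git.example.com:8080>
    ScriptAlias /hgit/ /home/git/sbin/gitolite-shell/
    <Location /hgit>
        AuthType Basic
    </Location>
</VirtualHost>
"""

def lint(conf):
    """Return (line_number, finding) pairs for a rendered httpd.conf."""
    findings, vhost_line, ssl_on, basic = [], None, False, False
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # Apache comments occupy whole lines
            continue
        low = line.lower()
        if re.search(r"@[A-Z0-9_]+@", line):   # template token left in place
            findings.append((n, "unreplaced-placeholder"))
        if low.startswith("scriptalias") and low.rstrip("/").endswith("git-http-backend"):
            findings.append((n, "direct-git-http-backend"))  # no gitolite per-repo check
        if low.startswith("<virtualhost"):
            vhost_line, ssl_on, basic = n, False, False
        elif re.match(r"sslengine\s+on\b", low):
            ssl_on = True
        elif re.match(r"authtype\s+basic\b", low):
            basic = True
        elif low.startswith("</virtualhost") and basic and not ssl_on:
            findings.append((vhost_line, "basic-auth-without-tls"))
    return findings

if __name__ == "__main__":
    for n, finding in lint(SAMPLE):
        print(f"line {n}: {finding}")
```
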
  • 2020-12-06 09:33

    Hope you got your problem fixed. I have been messing around a few days with Git / Gitweb / gitolite myself before I gave up and just installed GitLab using a Bitnami installer.

    Worked like a charm (some minor hiccups, but it was a real eye-opener for me: don't try to configure everything yourself if you can find a good "out-of-the-box" solution).
