问题
my firm is looking at using git and gitolite but does not want to use SSH keys and work like to use LDAP.. Can this be done??
I never seen this done.. everyplace I have this setup with always used SSH keys
回答1:
Yes, you can do it without any issue.
You simply need your Apache to do the authentication part (since gitolite is only an authorization layer), and call gitolite-shell instead of git-http-backend, with REMOTE_USER set by Apache (and used by gitolite-shell).
See a detailed example in "Git with Ldap on Ubuntu with Apache".
The main part of the httpd.conf being:
SetEnv GIT_PROJECT_ROOT @H@/repositories
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GITOLITE_HTTP_HOME @H@
ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Location /hgit>
SSLOptions +StdEnvVars
Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
#AllowOverride All
order allow,deny
Allow from all
AuthName "LDAP authentication for Smart HTTP Git repositories"
AuthType Basic
AuthBasicProvider myldap companyldap
AuthzLDAPAuthoritative Off
Require valid-user
AddHandler cgi-script cgi
</Location>
(@H@ is just a template value, to be replaced by your path)
来源:https://stackoverflow.com/questions/19383836/can-gitolite-and-git-using-ldap-and-not-ssh-keys