【发布时间】:2015-10-03 18:48:29
【问题描述】:
一段时间以来,我一直在尝试使用 Smart HTTP 和 Apache Web 服务器为 git 建立 LDAP 用户身份验证。
我确实设法为 Apache 设置了 LDAP 身份验证,但我让 git 使用它。每次我尝试克隆 git repo 时,都会收到带有代码 403 的 HTTP 错误 - 禁止。 大多数情况下,我都在关注本教程 - https://loutilities.wordpress.com/2011/08/12/setting-up-git-with-apache-smart-https-and-ldap/。
根据 error.log 跟踪,看起来 git 没有提供所需的凭据,但我不知道如何解决这个问题。 我确信 ldap 查询是正确的,至少在没有 git 后端的情况下正确地进行了身份验证。
谁能告诉我我的设置有什么问题?
非常感谢。
下面我提供了一些我检索到的信息:
.htaccess(在 dev.git 文件夹中)
Options +ExecCGI
AuthName "Top Secret"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
AuthLDAPURL "ldap://192.168.0.119:389/ou=users,dc=example,dc=net"
<RequireAll>
Require ldap-group cn=development,ou=groups,dc=example,dc=net
Require ldap-group cn=test_project,ou=projects,dc=example,dc=net
</RequireAll>
Apache 错误日志
[Sat Oct 03 13:28:37.372499 2015] [http:trace4] [pid 4421] http_request.c(301): [client x.x.x.x:50419] Headers received from client:
[Sat Oct 03 13:28:37.372526 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Host: some.host.com
[Sat Oct 03 13:28:37.372529 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] User-Agent: git/2.5.1.windows.1
[Sat Oct 03 13:28:37.372531 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Accept: */*
[Sat Oct 03 13:28:37.372532 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Accept-Encoding: gzip
[Sat Oct 03 13:28:37.372534 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Accept-Language: ru-RU, *;q=0.9
[Sat Oct 03 13:28:37.372535 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Pragma: no-cache
[Sat Oct 03 13:28:37.372583 2015] [authz_core:debug] [pid 4421] mod_authz_core.c(809): [client x.x.x.x:50419] AH01626: authorization result of Require all denied: denied
[Sat Oct 03 13:28:37.372588 2015] [authz_core:debug] [pid 4421] mod_authz_core.c(809): [client x.x.x.x:50419] AH01626: authorization result of <RequireAny>: denied
[Sat Oct 03 13:28:37.372590 2015] [authz_core:error] [pid 4421] [client x.x.x.x:50419] AH01630: client denied by server configuration: /usr/lib/git-core/git-http-backend
[Sat Oct 03 13:28:37.372592 2015] [core:trace3] [pid 4421] request.c(119): [client x.x.x.x:50419] auth phase 'check access' gave status 403: /git/test_project/dev.git/info/refs
[Sat Oct 03 13:28:37.372616 2015] [http:trace3] [pid 4421] http_filters.c(1004): [client x.x.x.x:50419] Response sent with status 403, headers:
[Sat Oct 03 13:28:37.372623 2015] [http:trace4] [pid 4421] http_filters.c(833): [client x.x.x.x:50419] Content-Length: 324
[Sat Oct 03 13:28:37.372634 2015] [http:trace4] [pid 4421] http_filters.c(833): [client x.x.x.x:50419] Content-Type: text/html; charset=iso-8859-1
Apache.conf
SetEnv GIT_PROJECT_ROOT /var/www/html/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
【问题讨论】:
-
@MrDownVoter:你能解释一下投反对票的原因吗??
-
对不起,我不小心弄到了)
标签: git apache http authentication ldap