Without further ado, let's get started!
- Enable the Apache LDAP modules
- Look up the CN directly: create git.conf (`vim /etc/apache2/sites-available/git.conf`)
- Use a group: create git.conf (`vim /etc/apache2/sites-available/git.conf`)
- Enable git.conf
- Restart the server
Enable the modules (as root):

```bash
a2enmod ldap
a2enmod authnz_ldap
```
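git.conf, looking up the CN directly:

```apache
DocumentRoot /home/git
ServerName git.jesse.com
ErrorLog /var/log/apache2/git-error.log
CustomLog /var/log/apache2/git-access.log combined

# git-http-backend serves every repository under GIT_PROJECT_ROOT
SetEnv GIT_PROJECT_ROOT /home/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/

<Directory "/usr/lib/git-core">
    Options +ExecCGI
    Allow from all
</Directory>

<Directory "/home/git">
    Dav on
    Order allow,deny
    Allow from all
</Directory>

# ${project}, ${LDAP_IP} and ${BASE_DN} are placeholders to fill in.
# This block matches URLs starting with /${project}.git (the DAV path under
# DocumentRoot); URLs under the /git/ ScriptAlias are not matched by it.
<Location "/${project}.git">
    AuthName "GIT Repo"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://${LDAP_IP}:389/${BASE_DN}?uid?sub?(objectClass=*)"
    # Any user who authenticates against the directory is allowed
    Require valid-user
</Location>
```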
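Note:
* BASE_DN: the root of the directory tree to search.
* uid: the attribute to search on.
* sub: search the entire subtree.
* ldap-group: the group entry's objectClass is groupOfNames; add every user's CN to its member attribute.
* The group approach works roughly like this: the user's account and password are verified first; once that succeeds, the server checks whether the user is in the configured group. If so it returns True, otherwise False.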
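git.conf, using a group:

```apache
DocumentRoot /home/git
ServerName git.jesse.com
ErrorLog /var/log/apache2/git-error.log
CustomLog /var/log/apache2/git-access.log combined

# git-http-backend serves every repository under GIT_PROJECT_ROOT
SetEnv GIT_PROJECT_ROOT /home/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/

<Directory "/usr/lib/git-core">
    Options +ExecCGI
    Allow from all
</Directory>

<Directory "/home/git">
    Dav on
    Order allow,deny
    Allow from all
</Directory>

# ${project}, ${LDAP_IP}, ${BASE_DN} and $group_name are placeholders to fill in.
# This block matches URLs starting with /${project}.git; URLs under the
# /git/ ScriptAlias are not matched by it.
<Location "/${project}.git">
    AuthType Basic
    AuthName "Git Access"
    AuthBasicProvider ldap
    # Account Apache binds as to search for the user and read the group
    AuthLDAPBindDN "cn=admin,dc=jesse,dc=com,dc=tw"
    AuthLDAPBindPassword "password"
    # Group attribute that lists the members
    AuthLDAPGroupAttribute member
    AuthLDAPURL "ldap://${LDAP_IP}:389/${BASE_DN}?uid?sub?(objectClass=*)"
    # Only authenticated users who are members of this group are allowed
    Require ldap-group cn=$group_name,dc=jesse,dc=com,dc=tw
</Location>
```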
Enable git.conf and restart the server (as root):

```bash
ln -s /etc/apache2/sites-available/git.conf /etc/apache2/sites-enabled/git.conf
/etc/init.d/apache2 restart
```
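
The following is an added example, not code from the original post: a small Python check that splits an AuthLDAPURL into the fields described in the notes above and reports on the transport, bind-password and Require settings of a block like the group-based one. The host 192.0.2.10, the group name gitusers and the finding labels are made up for the illustration.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: the group-based <Location> block from this page with the
# placeholders filled by made-up values (192.0.2.10, cn=gitusers).
SAMPLE_CONF = """
<Location "/project.git">
AuthBasicProvider ldap
AuthLDAPBindDN "cn=admin,dc=jesse,dc=com,dc=tw"
AuthLDAPBindPassword "password"
AuthLDAPURL "ldap://192.0.2.10:389/dc=jesse,dc=com,dc=tw?uid?sub?(objectClass=*)"
Require ldap-group cn=gitusers,dc=jesse,dc=com,dc=tw
</Location>
"""

def parse_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    attr, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    # Empty fields fall back to the mod_authnz_ldap defaults.
    return {"scheme": parts.scheme, "host": parts.hostname, "port": parts.port,
            "base_dn": parts.path.lstrip("/"), "attribute": attr or "uid",
            "scope": scope or "sub", "filter": flt or "(objectClass=*)"}

def directives(conf):
    """Map lower-cased directive name -> list of argument lists."""
    found = {}
    for line in map(str.strip, conf.splitlines()):
        if line and not line.startswith(("#", "<")):
            name, *args = shlex.split(line)
            found.setdefault(name.lower(), []).append(args)
    return found

def audit(conf):
    """Return finding labels for the LDAP auth settings in conf."""
    d, findings = directives(conf), []
    url, *mode = d["authldapurl"][0]
    tls = bool(mode) and mode[0].upper() in ("SSL", "TLS", "STARTTLS")
    # Plain ldap:// without a TLS mode sends the bind password unencrypted.
    if parse_ldap_url(url)["scheme"] == "ldap" and not tls:
        findings.append("cleartext-ldap")
    # A literal bind password lives in the config file; "exec:" runs a helper.
    if any(not a[0].startswith("exec:") for a in d.get("authldapbindpassword", [])):
        findings.append("inline-bind-password")
    # valid-user accepts any entry the search finds; ldap-group narrows it.
    if ["valid-user"] in d.get("require", []):
        findings.append("valid-user-only")
    return findings
```

Calling `audit(SAMPLE_CONF)` on the group-based block returns the cleartext-ldap and inline-bind-password findings; appending `STARTTLS` after the AuthLDAPURL string and using an `exec:` bind password clears both.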