I'm trying to set up a git server with:

  • http-access to be able to clone repositories like this:

    git clone http://mygitserver/repository

  • have a web interface (gitweb), if possible with restrictions per user

  • control access based on LDAP accounts

So far I have gitweb up and running; when I access

http://gitserver/

it asks for an LDAP login, and when I provide it, it shows all repositories (even the gitolite-admin repository... not so good)

When I try to clone, I get the error:

fatal: http://gitserver/<reponame>.git/info/refs not valid: is this a git repository?

I dug into it and I found out that the gitolite-suexec-wrapper.sh does not receive the LDAP username; so gitolite cannot grant access since the username is empty... any ideas?

Here is my configuration:

My Apache configuration file looks like the one here: http://gitolite.com/gitolite/g2/ggshb.html. The most interesting part is this:

ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
                        info/refs | \
                        objects/(info/[^/]+ | \
                                 [0-9a-f]{2}/[0-9a-f]{38} | \
                                 pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                        git-(upload|receive)-pack))$" \
        /srv/www/bin/gitolite-suexec-wrapper.sh/$1

For one reason or another the parameter $1 is not passed or is empty. In the Apache log I get these lines:

10.1.86.100 - - [22/Jan/2014:18:09:52 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 401 - "-" "git/1.8.4"
10.1.86.100 - - [22/Jan/2014:18:09:57 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 401 - "-" "git/1.8.4"
10.1.86.100 - chris.maes [22/Jan/2014:18:09:57 +0100] "GET /git/<reponame>.git/info/refs?service=git-upload-pack HTTP/1.1" 200 120 "-" "git/1.8.4"

Oh yes, my environment: openSUSE 13.1, gitolite 2.3.1, git 1.8.4

Chris Maes
  • Any reason to use an old gitolite 2.x? As for Apache I don't use `gitolite-suexec-wrapper.sh`: see https://github.com/VonC/compileEverything/blob/2801e9f5366185b532300fe07e434b60a5cea030/apache/env.conf.tpl#L149-L165 – VonC Jan 22 '14 at 19:04
  • I just added the repository I found; it was the last one I found available... Can this make a big difference? – Chris Maes Jan 23 '14 at 08:09
  • The most recent one is at https://github.com/sitaramc/gitolite: 3.5.1 and it is much easier to install/support/update. It doesn't need a `gitolite-suexec-wrapper.sh`: you can directly call the `gitolite-shell` script as shown in my Apache config. – VonC Jan 23 '14 at 08:16
  • I just had a discussion with a colleague: might GitLab or Gitorious be an easier alternative to have all the features I want? – Chris Maes Jan 23 '14 at 08:32
  • No, it is a completely different setup, with an additional database, to manage users. But GitLab has certainly a much more complete set of features. It has *not*, however, custom hooks. (https://github.com/gitlabhq/gitlab-shell/issues/14, i.e. the VREFS from gitolite) – VonC Jan 23 '14 at 08:34
  • I don't really care whether the setup is different: I am not married to gitolite. I want to have: (1) LDAP access to check out and check in (2) a web browser with LDAP access to visualize sources – Chris Maes Jan 23 '14 at 08:42
  • Then GitLab is a good choice. I have added in my answer a link to its LDAP config section. – VonC Jan 23 '14 at 08:48
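
A fail-closed pre-flight check for the kind of CGI wrapper discussed in the question, as an added example that is not part of the original posts or of gitolite. It reads the authenticated user and the repository path from the standard CGI variables `REMOTE_USER`/`REDIRECT_REMOTE_USER` and `PATH_INFO`; the function names and the set of allowed username characters are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed pre-flight checks for a CGI wrapper in front of
# gitolite. Function names are hypothetical; the variables are standard CGI ones.

# Print the authenticated user. Apache sets REMOTE_USER after a successful
# login; after an internal redirect it may only exist as REDIRECT_REMOTE_USER.
resolve_git_user() {
    user="${REMOTE_USER:-${REDIRECT_REMOTE_USER:-}}"
    case "$user" in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;  # empty, or characters we do not expect
    esac
    printf '%s\n' "$user"
}

# Print the requested repository path. The text after the script name in a
# ScriptAlias target reaches the script as PATH_INFO, not as a shell argument.
resolve_repo_path() {
    path="${PATH_INFO:-}"
    case "$path" in
        ''|*..*) return 1 ;;                # missing, or contains ".."
        /*) printf '%s\n' "$path" ;;
        *) return 1 ;;
    esac
}

# Emit a CGI error response and log to stderr (Apache's error log) rather than
# handing an anonymous or malformed request to git.
preflight() {
    if ! user=$(resolve_git_user); then
        echo "wrapper: no authenticated user in environment" >&2
        printf 'Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\nno authenticated user\n'
        return 1
    fi
    if ! repo=$(resolve_repo_path); then
        echo "wrapper: user=$user but PATH_INFO is empty or invalid" >&2
        printf 'Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nbad repository path\n'
        return 1
    fi
    REMOTE_USER="$user"
    export REMOTE_USER
    echo "wrapper: user=$user path=$repo" >&2
}

# A wrapper would call `preflight || exit 0` before exec'ing the gitolite entry point.
```

The stderr lines end up in Apache's error log, which shows on each request whether the user name or the path is the part that went missing.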

1 Answer

The two solutions are:

1/ Apache + ldap, calling gitolite-shell (gitolite V3)

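    # @H@ is a placeholder that is substituted when the template (env.conf.tpl) is rendered
    ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
    SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Location /hgit>
        SSLOptions +StdEnvVars
        Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
        #AllowOverride All
        order allow,deny
        Allow from all
        AuthName "LDAP authentication for ITSVC Smart HTTP Git repositories"
        AuthType Basic
        # myldap and companyldap are provider aliases defined elsewhere in the config
        AuthBasicProvider myldap companyldap
        # Authentication is only enforced when a Require directive is present
        Require valid-user
    </Location>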

2/ Or GitLab, which had LDAP authentication: "setting up gitlab LDAP-authentication without special gitlab user"
See the config gitlab.yml ldap section.

VonC
  • Wow, GitLab + Bitnami is the revelation!!! I installed it using the Bitnami installer: GitLab was up and running in no time with LDAP access; I still need to do some configuration for user access and repos, but so far I am bluffed!!! – Chris Maes Jan 23 '14 at 13:21