Git LDAP身份驗證

Question

一段時間以來，我一直在嘗試使用Smart HTTP和Apache Web服務器爲git建立LDAP用戶身份驗證。

我確實設法設置了Apache的LDAP身份驗證，但是我讓git和它一起工作。每次我嘗試克隆git repo時，都會收到代碼爲403的HTTP錯誤 - 禁止。 我大部分時間都在關注本教程 - https://loutilities.wordpress.com/2011/08/12/setting-up-git-with-apache-smart-https-and-ldap/。

根據error.log跟蹤它看起來像git不提供所需的憑據，但我不知道如何解決這個問題。 我敢肯定，ldap查詢是正確的，至少身份驗證正確保持沒有git後端。

有人可以告訴我我的設置有什麼問題嗎？

非常感謝提前。

下面我提供了一些信息，我檢索：

的.htaccess（在dev.git文件夾）

Options +ExecCGI 
AuthName "Top Secret" 
AuthType Basic 
AuthBasicProvider ldap 
AuthLDAPGroupAttribute memberUid 
AuthLDAPGroupAttributeIsDN off 
AuthLDAPURL "ldap://192.168.0.119:389/ou=users,dc=example,dc=net" 
<RequireAll> 
Require ldap-group cn=development,ou=groups,dc=example,dc=net 
Require ldap-group cn=test_project,ou=projects,dc=example,dc=net 
</RequireAll> 

阿帕奇是error.log

[Sat Oct 03 13:28:37.372499 2015] [http:trace4] [pid 4421] http_request.c(301): [client x.x.x.x:50419] Headers received from client: 

[Sat Oct 03 13:28:37.372526 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Host: some.host.com 

[Sat Oct 03 13:28:37.372529 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] User-Agent: git/2.5.1.windows.1 

[Sat Oct 03 13:28:37.372531 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Accept: */* 

[Sat Oct 03 13:28:37.372532 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Accept-Encoding: gzip 

[Sat Oct 03 13:28:37.372534 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Accept-Language: ru-RU, *;q=0.9 

[Sat Oct 03 13:28:37.372535 2015] [http:trace4] [pid 4421] http_request.c(305): [client x.x.x.x:50419] Pragma: no-cache 

[Sat Oct 03 13:28:37.372583 2015] [authz_core:debug] [pid 4421] mod_authz_core.c(809): [client x.x.x.x:50419] AH01626: authorization result of Require all denied: denied 

[Sat Oct 03 13:28:37.372588 2015] [authz_core:debug] [pid 4421] mod_authz_core.c(809): [client x.x.x.x:50419] AH01626: authorization result of <RequireAny>: denied 

[Sat Oct 03 13:28:37.372590 2015] [authz_core:error] [pid 4421] [client x.x.x.x:50419] AH01630: client denied by server configuration: /usr/lib/git-core/git-http-backend 

[Sat Oct 03 13:28:37.372592 2015] [core:trace3] [pid 4421] request.c(119): [client x.x.x.x:50419] auth phase 'check access' gave status 403: /git/test_project/dev.git/info/refs 

[Sat Oct 03 13:28:37.372616 2015] [http:trace3] [pid 4421] http_filters.c(1004): [client x.x.x.x:50419] Response sent with status 403, headers: 

[Sat Oct 03 13:28:37.372623 2015] [http:trace4] [pid 4421] http_filters.c(833): [client x.x.x.x:50419] Content-Length: 324 

[Sat Oct 03 13:28:37.372634 2015] [http:trace4] [pid 4421] http_filters.c(833): [client x.x.x.x:50419] Content-Type: text/html; charset=iso-8859-1 

阿帕奇.conf

SetEnv GIT_PROJECT_ROOT /var/www/html/git 
SetEnv GIT_HTTP_EXPORT_ALL 
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ 

Answer 1

我使用的基於LDAP的身份驗證在我的項目之前（見this Apache config file），但RequireAll部分總是有一個Require valid-user：

 <RequireAll> 
     Require valid-user 
     Require ldap-group @LDAP_GROUP@ 
     </RequireAll> 

Answer 2

我只是增加了一個目錄的描述和它的工作：

<Directory "/usr/lib/git-core*"> 
    Options ExecCGI Indexes 
    Order allow,deny 
    Allow from all 
    Require all granted 
</Directory> 

謝謝。