Posted to users@httpd.apache.org by Bogdan Siara <bs...@gmail.com> on 2015/02/02 19:56:51 UTC

[users@httpd] Problem with git, ldap, apache and limit directive

Hello All,

I am preparing a configuration to run a git server via Apache (2.2) over HTTPS
with authentication via LDAP... My config is:

<VirtualHost 172.22.0.19:443>

    SetEnv GIT_PROJECT_ROOT /opt/tools/git/repositories/
    SetEnv GIT_HTTP_EXPORT_ALL
    ScriptAlias / /usr/libexec/git-core/git-http-backend/

    ServerName git.firma
    ErrorLog logs/git_firma_ssl_error_log
    TransferLog logs/git_firma_ssl_access_log
    CustomLog logs/git_firma_ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    LogLevel warn

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 +TLSv1
    SSLHonorCipherOrder On
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/httpd/certs/server/certificates/git.firma.crt
    SSLCertificateKeyFile /etc/httpd/certs/server/keys/git.firma.key
    SSLCACertificateFile /etc/httpd/certs/CA/firma.CRT

    <Location /piaskownica.git>
        Dav on
        Order deny,allow
        Deny from all
        AuthName "GIT Repo"
        AuthType Basic
        Satisfy any

        #Limit1
        <Limit GET OPTIONS PROPFIND>
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthLDAPURL "ldap://172.22.0.22:389/dc=firma?uid?sub?(uid=user1)"
        Require valid-user
        </Limit>

        #Limit2
        <LimitExcept GET OPTIONS PROPFIND>
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthLDAPURL "ldap://172.22.0.22:389/dc=firma?uid?sub?(|(uid=user2)(uid=user3))"
        Require valid-user
        </LimitExcept>
    </Location>

</VirtualHost>

When I run:
git clone https://git.firma/piaskownica.git
Username for 'https://git.firma': user1
Password for 'https://user1@git.firma':
fatal: Authentication failed
I get error 401. In access_log I have:
172.22.0.51 - - [02/Feb/2015:19:48:11 +0100] "GET /piaskownica.git/info/refs?service=git-upload-pack HTTP/1.1" 401 475
172.22.0.51 - - [02/Feb/2015:19:48:24 +0100] "GET /piaskownica.git/info/refs?service=git-upload-pack HTTP/1.1" 401 475
172.22.0.51 - user1 [02/Feb/2015:19:48:24 +0100] "GET /piaskownica.git/info/refs?service=git-upload-pack HTTP/1.1" 401 475
In error_log I have:
[Mon Feb 02 19:48:24 2015] [error] [client 172.22.0.51] user user1 not found: /piaskownica.git/info/refs

Why does Apache not authenticate user1 via directive #Limit1? What am I doing
wrong? Please explain...
Sorry for my English.

Regards
BS
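
An added example, not part of the original post: in Apache 2.2, <Limit> and <LimitExcept> restrict only access-control directives such as Require to the listed methods, so both AuthLDAPURL lines in the post apply to the whole <Location> and the later one (the user2/user3 filter) takes effect, which is consistent with the "user user1 not found" error. The sketch below keeps the post's addresses, user names and user-to-method mapping, and assumes that a filterless AuthLDAPURL combined with Require ldap-user is acceptable for this directory.

```apache
<Location /piaskownica.git>
    Dav on
    Order deny,allow
    Deny from all
    Satisfy any

    # Authentication settings are not method-scoped: state them once,
    # outside <Limit>, so there is a single effective LDAP search.
    AuthName "GIT Repo"
    AuthType Basic
    AuthBasicProvider ldap
    # No per-user filter here, so every account under dc=firma can be
    # found and bound; who may do what is decided by Require below.
    AuthLDAPURL "ldap://172.22.0.22:389/dc=firma?uid?sub"

    # Require is an access-control directive, so <Limit> scopes it
    # to the listed methods.
    <Limit GET OPTIONS PROPFIND>
        Require ldap-user user1
    </Limit>

    # Every other method (POST, PUT, ...) falls through to this block.
    <LimitExcept GET OPTIONS PROPFIND>
        Require ldap-user user2 user3
    </LimitExcept>
</Location>
```

With git-http-backend, clone and fetch also send a POST to git-upload-pack, so a split on GET versus other methods does not by itself separate read access from write access.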