You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bogdan Siara <bs...@gmail.com> on 2015/02/02 19:56:51 UTC
[users@httpd] Problem with git, ldap, apache and limit directive
Hello All,
I prepare configuration to run git server via apache (2.2) https and
authentication via ldap... My config is:
<VirtualHost 172.22.0.19:443>
SetEnv GIT_PROJECT_ROOT /opt/tools/git/repositories/
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias / /usr/libexec/git-core/git-http-backend/
ServerName git.firma
ErrorLog logs/git_firma_ssl_error_log
TransferLog logs/git_firma_ssl_access_log
CustomLog logs/git_firma_ssl_request_log "%t %h %{SSL_PROTOCOL}x
%{SSL_CIPHER}x \"%r\" %b"
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/certs/server/certificates/git.firma.crt
SSLCertificateKeyFile /etc/httpd/certs/server/keys/git.firma.key
SSLCACertificateFile /etc/httpd/certs/CA/firma.CRT
<Location /piaskownica.git>
Dav on
Order deny,allow
Deny from all
AuthName "GIT Repo"
AuthType Basic
Satisfy any
#Limit1
<Limit GET OPTIONS PROPFIND>
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://172.22.0.22:389/dc=firma?uid?sub?(uid=user1)"
Require valid-user
</Limit>
#Limit2
<Limitexcept GET OPTIONS PROPFIND>
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://
172.22.0.22:389/dc=firma?uid?sub?(|(uid=user2)(uid=user3))"
Require valid-user
</LimitExcept>
</Location>
</VirtualHost>
When I run:
git clone https://git.firma/piaskownica.git
Username for 'https://git.firma': user1
Password for 'https://user1@git.firma':
fatal: Authentication failed
I get error 401, in access_log I have:
172.22.0.51 - - [02/Feb/2015:19:48:11 +0100] "GET
/piaskownica.git/info/refs?service=git-upload-pack HTTP/1.1" 401 475
172.22.0.51 - - [02/Feb/2015:19:48:24 +0100] "GET
/piaskownica.git/info/refs?service=git-upload-pack HTTP/1.1" 401 475
172.22.0.51 - user1 [02/Feb/2015:19:48:24 +0100] "GET
/piaskownica.git/info/refs?service=git-upload-pack HTTP/1.1" 401 475
In error_log I have:
[Mon Feb 02 19:48:24 2015] [error] [client 172.22.0.51] user user1 not
found: /piaskownica.git/info/refs
Why apache not authenticate user1 via directive #Limit1? What I doing
wrong? Please explain...
Sorry for my english.
Regards
BS