LaVOZs

The World’s Largest Online Community for Developers

'; Active Directory LDAP authentication Git Windows Server 2008 - LavOzs.Com

I'm trying to setup git through apache on a windows server. I'm using msysgit version 1.7.7.1-preview20111027. I've gotten most of it working but pushing over http and authenticating through Active Directory is an issue.

Here's my httpd.conf:

<Directory />
    Allow from All
</Directory>

<Directory C:/GitRepos>
    AuthName "Git Repositories"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPUrl ldap://server/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
    AuthLDAPBindDN "CN=User,OU=someunit,DC=domain,DC=com"
    AuthLDAPBindPassword password
    AuthLDAPGroupAttributeIsDN off
    AuthLDAPGroupAttribute member
    Require ldap-group CN=ADGroup,OU=unit1,OU=unit2,DC=domain,DC=com
    Satisfy any
</Directory>

SetEnv GIT_PROJECT_ROOT C:/GitRepos
SetEnv GIT_HTTP_EXPORT_ALL
# SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
ScriptAliasMatch \
        "(?x)^/(.*/(HEAD | \
                info/refs | \
                    objects/(info/[^/]+ | \
                        [0-9a-f]{2}/[0-9a-f]{38} | \
                        pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                git-(upload|receive)-pack))$" \
                "C:/Program Files (x86)/git/libexec/git-core/git-http-backend.exe/$1"

<LocationMatch "^/.*/git-receive-pack$">
    AuthName "Git Repositories"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPUrl ldap://server/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
    AuthLDAPBindDN "CN=User,OU=someunit,DC=domain,DC=com"
    AuthLDAPBindPassword password
    AuthLDAPGroupAttributeIsDN off
    AuthLDAPGroupAttribute member
    Require ldap-group CN=ADGroup,OU=unit1,OU=unit1,DC=domain,DC=com
    Satisfy any
</LocationMatch>

If I uncomment:

# SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
I can push over http, but a user can type anything in for a password and the ldap authorization doesn't limit the repositories to just the one Active Directory group.

Are my settings incorrect?

Perhaps this earlier thread may help: Is there a way to use Windows Authentication (Active Directory) for a Git server?

It doesn't answer your exact question but may provide other avenues for using AD authentication.

I have succesfully made it over https, but its best working with ssh.

anyway I have some articles on russian:

Related
How can I add an empty directory to a Git repository?
Ignoring directories in Git repositories on Windows
What are the differences between LDAP and Active Directory?
Getting Git to work with a proxy server - fails with “Request timed out”
ignoring any 'bin' directory on a git project
Create a git patch from the changes in the current working directory
How to remove a directory from git repository?
Git push results in “Authentication Failed”
Git is not working after macOS Update (xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools)