William Muriithi wrote:
Hello
I have set up gitolite3 and its working fine when I connect to it
through ssh. I am using LDAP (FreeIPA) for authorization.
When I connect through http/https, I am authenticated, but I believe
authorization is not working. I have not been able to figure how to
work around it..
git clone http://[email protected]/git/Design.git
But after Apache authenticate me, it passes [email protected] not
william to gitolite. When the name [email protected] is passed to
the group searching script, it returns null and hence the error below
2013-05-29.14:51:19 12567 access(Design,
[email protected], R, 'any'),-> R any Design [email protected]
DENIED by fallthru
2013-05-29.14:51:19 12567 trigger,Writable,access_1,
ACCESS_1,Design,[email protected],R,any,R any Design
[email protected] DENIED by fallthru
2013-05-29.14:51:19 12567 die R any Design
[email protected] DENIED by fallthru<<newline>>(or you mis-spelled
the reponame)
The question is, how would I coerce apache or kerberos to pass
gitolite only section before the @ character?
With mod_auth_kerb >= 5.4 you can use KrbLocalUserMapping on to strip
the realm.
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
