Diffstat (limited to 'contrib/lib')
-rw-r--r-- | contrib/lib/Apache/gitolite.conf | 47 | ||||
-rw-r--r-- | contrib/lib/Gitolite/Triggers/RedmineUserAlias.pm | 55 |
2 files changed, 102 insertions, 0 deletions
diff --git a/contrib/lib/Apache/gitolite.conf b/contrib/lib/Apache/gitolite.conf
new file mode 100644
index 0000000..87ba843
--- /dev/null
+++ b/contrib/lib/Apache/gitolite.conf
@@ -0,0 +1,47 @@
+# Apache Gitolite smart-http install Active Directory Authentication
+
+# Author: Jonathan Gray
+
+# It is assumed you already have mod_ssl, mod_ldap, & mod_authnz configured for apache
+# It is also assumed you are disabling http on port 80 and requiring the use of https on port 443
+
+# Boiler plate configuration from the smart-http deployment documentation script
+# Adjust paths if you use something other than the default
+SetEnv GIT_PROJECT_ROOT /var/www/gitolite-home/repositories
+ScriptAlias /git/ /var/www/gitolite-home/gitolite-source/src/gitolite-shell/
+ScriptAlias /gitmob/ /var/www/gitolite-home/gitolite-source/src/gitolite-shell/
+SetEnv GITOLITE_HTTP_HOME /var/www/gitolite-home
+SetEnv GIT_HTTP_EXPORT_ALL
+
+# Setup LDAP trusted root certificate from your domain
+LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/conf.d/domain.ca.cer
+
+# In case you havn't setup proper SSL certificates in ssl.conf, go ahead and do it here to save headache later with git
+SSLCertificateFile /etc/httpd/conf.d/gitolite.server.crt
+SSLCertificateKeyFile /etc/httpd/conf.d/gitolite.server.key
+SSLCertificateChainFile /etc/httpd/conf.d/DigiCertCA.crt
+
+<Location /git>
+ Order deny,allow
+ # In case you want to restrict access to a given ip/subnet
+ #Allow from my.ip.range/cidr
+ #Deny from All
+ AuthType Basic
+ AuthName "Git"
+ AuthBasicProvider ldap
+ AuthUserFile /dev/null
+ AuthzLDAPAuthoritative on
+ AuthLDAPURL ldaps://AD.DC1.local:3269 AD.DC2.local:3269 AD.DC3.local:3269/?sAMAccountName?sub
+ AuthLDAPBindDN git@domain.local
+ AuthLDAPBindPassword super.secret.password
+ AuthLDAPGroupAttributeIsDN on
+
+ # You must use one of the two following approaches to handle authentication via active directory
+
+ # Require membership in the gitolite users group in AD
+ # The ldap-filter option is used to handle nested groups on the AD server rather than multiple calls to traverse from apache
+ # Require ldap-filter memberof:1.2.840.113556.1.4.1941:=cn=Gitolite Users,ou=Security Groups,dc=domain,dc=local
+
+ # Alternatively, require a valid user account only since you're going to control authorization in gitolite anyway
+ Require valid-user
+</Location>
diff --git a/contrib/lib/Gitolite/Triggers/RedmineUserAlias.pm b/contrib/lib/Gitolite/Triggers/RedmineUserAlias.pm
new file mode 100644
index 0000000..8fde513
--- /dev/null
+++ b/contrib/lib/Gitolite/Triggers/RedmineUserAlias.pm
@@ -0,0 +1,55 @@
+package Gitolite::Triggers::RedmineUserAlias;
+
+use Gitolite::Rc;
+use Gitolite::Common;
+use Gitolite::Conf::Load;
+
+use strict;
+use warnings;
+
+# aliasing a redmine username to a more user-friendly one
+# ----------------------------------------------------------------------
+
+=for usage
+
+Why:
+
+ Redmine creates users like "redmine_alice_123"; we want the users to just
+ see "alice" instead of that.
+
+Assumption:
+
+* Redmine does not allow duplicates in the middle bit; i.e., you can't
+ create redmine_alice_123 and redmine_alice_456 also.
+
+How:
+
+* add this code as lib/Gitolite/Triggers/RedmineUserAlias.pm to your
+ site-local code directory; see this link for how:
+
+ http://gitolite.com/gitolite/non-core.html#ncloc
+
+* add the following to the rc file, just before the ENABLE section (don't
+ forget the trailing comma):
+
+ INPUT => [ 'RedmineUserAlias::input' ],
+
+Notes:
+
+* http mode has not been tested and will not be. If someone has the time to
+ test it and make it work please let me know.
+
+* not tested with mirroring.
+
+Quote:
+
+* "All that for what is effectively one line of code. I need a life".
+
+=cut
+
+sub input {
+ $ARGV[0] or _die "no username???";
+ $ARGV[0] =~ s/^redmine_(\S+)_\d+$/$1/;
+}
+
+1;
|
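Review bot: In gitolite.conf, the `ScriptAlias /gitmob/` line maps a second URL onto gitolite-shell, but the only access control in the file is `<Location /git>`, which does not cover `/gitmob/`; as far as these lines show, that path is served with no LDAP authentication and none of the optional IP restrictions. If anonymous access is not wanted the alias should be dropped, otherwise it deserves a comment such as `# /gitmob/ is intentionally unauthenticated; requests there presumably run as gitolite's anonymous HTTP user`. Separately, `AuthLDAPBindPassword` is stored in clear text in this file, so a comment like `# use a dedicated read-only bind account and keep this file readable by root only` would help anyone copying the sample.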
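Review bot: In RedmineUserAlias.pm, `input` rewrites `redmine_<name>_<digits>` in `$ARGV[0]` to the bare `<name>` without checking that the result is not already the name of a different gitolite user, so a Redmine login that matches an existing user name would presumably be authorized by every rule that names that user. The POD's Assumption section only rules out duplicates among Redmine users; I would add a bullet such as `* no non-Redmine gitolite user (or key file) has the same name as a Redmine login.` The pattern could also use `\A` and `\z` instead of `^` and `$`, since `$` still matches before a trailing newline: `$ARGV[0] =~ s/\Aredmine_(\S+)_\d+\z/$1/;`. Note too that `\S+` is greedy and accepts underscores, which is worth a sentence in the POD so readers know `redmine_a_b_12` becomes `a_b`.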