summaryrefslogtreecommitdiffstats
path: root/contrib/lib
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/lib')
-rw-r--r--contrib/lib/Apache/gitolite.conf47
-rw-r--r--contrib/lib/Gitolite/Triggers/RedmineUserAlias.pm55
2 files changed, 102 insertions, 0 deletions
diff --git a/contrib/lib/Apache/gitolite.conf b/contrib/lib/Apache/gitolite.conf
new file mode 100644
index 0000000..87ba843
--- /dev/null
+++ b/contrib/lib/Apache/gitolite.conf
@@ -0,0 +1,47 @@
+# Apache Gitolite smart-http install Active Directory Authentication
+
+# Author: Jonathan Gray
+
+# It is assumed you already have mod_ssl, mod_ldap, & mod_authnz configured for apache
+# It is also assumed you are disabling http on port 80 and requiring the use of https on port 443
+
+# Boiler plate configuration from the smart-http deployment documentation script
+# Adjust paths if you use something other than the default
+SetEnv GIT_PROJECT_ROOT /var/www/gitolite-home/repositories
+ScriptAlias /git/ /var/www/gitolite-home/gitolite-source/src/gitolite-shell/
+ScriptAlias /gitmob/ /var/www/gitolite-home/gitolite-source/src/gitolite-shell/
+SetEnv GITOLITE_HTTP_HOME /var/www/gitolite-home
+SetEnv GIT_HTTP_EXPORT_ALL
+
+# Setup LDAP trusted root certificate from your domain
+LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/conf.d/domain.ca.cer
+
+# In case you havn't setup proper SSL certificates in ssl.conf, go ahead and do it here to save headache later with git
+SSLCertificateFile /etc/httpd/conf.d/gitolite.server.crt
+SSLCertificateKeyFile /etc/httpd/conf.d/gitolite.server.key
+SSLCertificateChainFile /etc/httpd/conf.d/DigiCertCA.crt
+
+<Location /git>
+ Order deny,allow
+ # In case you want to restrict access to a given ip/subnet
+ #Allow from my.ip.range/cidr
+ #Deny from All
+ AuthType Basic
+ AuthName "Git"
+ AuthBasicProvider ldap
+ AuthUserFile /dev/null
+ AuthzLDAPAuthoritative on
+ AuthLDAPURL ldaps://AD.DC1.local:3269 AD.DC2.local:3269 AD.DC3.local:3269/?sAMAccountName?sub
+ AuthLDAPBindDN git@domain.local
+ AuthLDAPBindPassword super.secret.password
+ AuthLDAPGroupAttributeIsDN on
+
+ # You must use one of the two following approaches to handle authentication via active directory
+
+ # Require membership in the gitolite users group in AD
+ # The ldap-filter option is used to handle nested groups on the AD server rather than multiple calls to traverse from apache
+ # Require ldap-filter memberof:1.2.840.113556.1.4.1941:=cn=Gitolite Users,ou=Security Groups,dc=domain,dc=local
+
+ # Alternatively, require a valid user account only since you're going to control authorization in gitolite anyway
+ Require valid-user
+</Location>
diff --git a/contrib/lib/Gitolite/Triggers/RedmineUserAlias.pm b/contrib/lib/Gitolite/Triggers/RedmineUserAlias.pm
new file mode 100644
index 0000000..8fde513
--- /dev/null
+++ b/contrib/lib/Gitolite/Triggers/RedmineUserAlias.pm
@@ -0,0 +1,55 @@
+package Gitolite::Triggers::RedmineUserAlias;
+
+use Gitolite::Rc;
+use Gitolite::Common;
+use Gitolite::Conf::Load;
+
+use strict;
+use warnings;
+
+# aliasing a redmine username to a more user-friendly one
+# ----------------------------------------------------------------------
+
+=for usage
+
+Why:
+
+ Redmine creates users like "redmine_alice_123"; we want the users to just
+ see "alice" instead of that.
+
+Assumption:
+
+* Redmine does not allow duplicates in the middle bit; i.e., you can't
+ create redmine_alice_123 and redmine_alice_456 also.
+
+How:
+
+* add this code as lib/Gitolite/Triggers/RedmineUserAlias.pm to your
+ site-local code directory; see this link for how:
+
+ http://gitolite.com/gitolite/non-core.html#ncloc
+
+* add the following to the rc file, just before the ENABLE section (don't
+ forget the trailing comma):
+
+ INPUT => [ 'RedmineUserAlias::input' ],
+
+Notes:
+
+* http mode has not been tested and will not be. If someone has the time to
+ test it and make it work please let me know.
+
+* not tested with mirroring.
+
+Quote:
+
+* "All that for what is effectively one line of code. I need a life".
+
+=cut
+
+sub input {
+ $ARGV[0] or _die "no username???";
+ $ARGV[0] =~ s/^redmine_(\S+)_\d+$/$1/;
+}
+
+1;