Menu
Is there a way to authorize user via ldap on a git repository? Or phrased slightly differently: Is there a way to deny people pull/push if they are not in a specific ldap group?
Edit: Yes, great idea using PAM and/or a hook. Does anyone have experience using git in combination with pam_ldap?
778
LDAP authorization can be applied only to LDAP authenticated users. LDAP users must belong to one or more LDAP groups, or have one or more LDAP attributes that map to roles in App Connect Enterprise, with appropriate access to the admin REST API.
Git controls access to repositories through the fundamental user access to files and directories on the machine. By managing these users via LDAP, you manage who can access which repositories.
LDAP v3 supports three types of authentication: anonymous, simple and SASL authentication.
Should work:
Access git repos over SSH using standard logins (nothing unusual here).
Make your git repos have access permissions for a certain group, which particular logins have membership of.
Use pam-ldap to make your standard login system work with LDAP.
If there's a more specific way, that JUST checks ldap without affecting the rest of your system? I don't know, but it's probably possible with a pre-commit hook, or something like that.
163
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
