Setup GIT repositories over HTTPD with LDAP and Local authentication on AIX systems.

What are we going to do?

  • Set up an Apache server as the frontend for Git repositories.
  • Use the CGI program git-http-backend (https://schacon.github.io/git/git-http-backend.html), instead of DAV, to serve the contents of a Git repository to Git clients accessing the repository over the http:// protocol.
  • Authenticate users to Git repositories in this order: local users first, then LDAP against Active Directory.

Let’s look at some useful information about our system:
– Apache server version installed on AIX system is 2.2.17.

[root@aix:] rpm -qa|grep httpd
httpd-2.2.17-3.ppc

– HTTPD server is listening by default on port 80/TCP to serve other applications.

# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen 80

– Server hostname is aixrepository.domain.net.

[root@aix:/aix] hostname
aixrepository.domain.net

  • Enable Apache’s Virtual Host on port 81/TCP.

It’s recommended to use an Apache Virtual Host to serve Git repositories on a port other than 80/TCP. In this example the port will be 81/TCP.

  • Edit /opt/freeware/etc/httpd/conf/httpd.conf and uncomment this line:
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
  • Add the line ‘Listen 81’ after the existing ‘Listen’ directive:
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen 80
Listen 81
  • Setup git-http-backend CGI program.

What’s git-http-backend? It’s a simple CGI program that serves the contents of a Git repository to Git clients accessing the repository over the http:// and https:// protocols.

We’re going to copy the CGI binary to the /CGIBIN directory and change the permissions on /CGIBIN so that the HTTPD daemon can use it.

[root@aix:] mkdir /CGIBIN
[root@aix:] cp /opt/freeware/libexec/git-core/git-http-backend /CGIBIN/
[root@aix:] chmod -R 755 /CGIBIN/
[root@aix:] chown -R apache:apache /CGIBIN/
[root@aix:] ls -ltr /CGIBIN/
total 1832
-rwxr-xr-x    1 apache   apache       935551 Feb 13 09:07 git-http-backend
  • Configure Apache’s Virtual Host.

Edit /apache/extra/httpd-vhosts.conf and add this code.

root@aix: /apache/extra # vi /apache/extra/httpd-vhosts.conf
root@aix: /apache/extra # cat /apache/extra/httpd-vhosts.conf
#
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# Use name-based virtual hosting.
#
NameVirtualHost *:81

<VirtualHost *:81>
ServerAdmin root@localhost
ServerName aixrepository.domain.net

DocumentRoot /var/www/git
LogLevel warn
DavLockDB "/tmp/DavLock"

SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv GIT_HTTP_EXPORT_ALL

ScriptAlias /git /CGIBIN/git-http-backend

<Directory "/var/www/git">
 Allow from All
 Options +ExecCGI
 AllowOverride All
</Directory>

<Directory "/CGIBIN">
 AllowOverride None
 Options None
 Allow from all
</Directory>
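# GIT repository /gitrepo
# The repository is reachable both as /git/gitrepo (through the ScriptAlias
# above, the URL used by 'git clone') and as /gitrepo (through DocumentRoot),
# so the authentication block has to match both paths.
<LocationMatch "^/(git/)?gitrepo(/|$)">
      AuthType Basic
      # Try the local password file first, then LDAP (Active Directory).
      AuthBasicProvider file ldap
      AuthUserFile "/opt/freeware/etc/httpd/conf/local_passwords"
      AuthzLDAPAuthoritative off
      AuthLDAPBindDN "ldapbindusero@domain.net"
      AuthLDAPBindPassword "ldapbindpassword"
      AuthLDAPURL "ldap://domain.net:3268/?sAMAccountName?sub?"
      Require ldap-user userldap1
      Require ldap-user userldap2
      AuthName "GIT -- AIXREPOSITORY"
      # Apache 2.2 grants access when any Require line matches, so valid-user
      # admits every user who authenticates against the file or LDAP.
      require valid-user
      Allow from all
</LocationMatch>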
</VirtualHost>
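
The following is an added example, not part of the original post: a small Python audit that lists the URL paths reaching a repository that no `<Location>` or `<LocationMatch>` block with `AuthType` covers. With this layout a repository is reachable through the `/git` ScriptAlias and, because DocumentRoot equals GIT_PROJECT_ROOT, also as static files. The sample config is constructed, the function names are hypothetical, and the check is simplified (first ScriptAlias only, no wildcard, `<Directory>` or .htaccess handling).

```python
import re

# Constructed sample: a vhost whose auth block guards only /gitrepo.
SAMPLE = """\
DocumentRoot /var/www/git
SetEnv GIT_PROJECT_ROOT /var/www/git
ScriptAlias /git /CGIBIN/git-http-backend
<Location /gitrepo>
  AuthType Basic
  Require valid-user
</Location>
"""

def directive(conf, name):
    """First argument of a directive (name is a regex), or None if absent."""
    m = re.search(rf"^\s*{name}\s+(\S+)", conf, re.M | re.I)
    return m.group(1).strip('"') if m else None

def auth_matchers(conf):
    """Yield a URL predicate per <Location>/<LocationMatch> that sets AuthType."""
    pat = r'<(Location(?:Match)?)\s+"?([^">]+)"?\s*>(.*?)</\1>'
    for kind, arg, body in re.findall(pat, conf, re.S | re.I):
        if not re.search(r"^\s*AuthType\b", body, re.M | re.I):
            continue
        if kind.lower() == "locationmatch":
            yield lambda url, rx=re.compile(arg): bool(rx.search(url))
        else:  # plain <Location>: prefix match on a path-segment boundary
            base = arg.strip().rstrip("/")
            yield lambda url, b=base: url == b or url.startswith(b + "/")

def unprotected_urls(conf, repo):
    """URL paths that reach `repo` but fall outside every auth block."""
    urls = []
    alias = directive(conf, "ScriptAlias")
    if alias:  # smart HTTP through git-http-backend
        urls.append(f"{alias.rstrip('/')}/{repo}/info/refs")
    root = directive(conf, r"SetEnv\s+GIT_PROJECT_ROOT")
    if root and root == directive(conf, "DocumentRoot"):
        urls.append(f"/{repo}/HEAD")  # same files served statically
    guards = list(auth_matchers(conf))
    return [u for u in urls if not any(g(u) for g in guards)]

if __name__ == "__main__":
    print(unprotected_urls(SAMPLE, "gitrepo"))
```

An empty list means every path the check knows about sits behind an authentication block; any path it prints answers without credentials.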

  • Restart Apache server.
[root@aix:] apachectl -t
Syntax OK
[root@aix:] apachectl -k graceful
  • Finally, run the ‘git clone’ command from a Git client.
$ git clone http://aixrepository.domain.net:81/git/gitrepo
Cloning into 'gitrepo'...
Username for 'http://aixrepository.domain.net:81': userldap1
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (6/6), done.

userldap1@W078C752 MINGW64 /u/git/
$ cd gitrepo/

userldap1@W078C752 MINGW64 /u/git/gitrepo  (master)
$ git status
On branch master
Your branch is up-to-date with 'origin/master'.
nothing to commit, working tree clean

userldap1@W078C752 MINGW64 /u/git/gitrepo (master)

That’s it!!

About igalvarez

More than 20 years of experience in the IT industry. 20+ years of Unix experience: IBM-AIX, HMC/SDMC/IVM, SVC, Protectier, PureFlex Systems, VIOservers, IBM Bladecenters, IBM System Power, RedHat Linux, SuSE Linux, Debian/Ubuntu Linux, Solaris, SCO Unix, Tru64 Unix. Linux virtualization: XEN, KVM. Databases: sb2, oracle, postgreSQL. Find more information here: http://en.gravatar.com/igalvarez