I was stumped for a while trying to figure out how to provide a Git repo via HTTP(s) in order to allow a separate group of ldap authenticated users to have read-only access to each individual repos while another group in A/D has full read-write access.  Here’s what I finally came up and included in my apache’s conf file to make it work:

<Location /git/MyGitRepo>
Require ldap-group CN=MyGitRepoRO,OU=Git Security Groups,OU=Organizational Units,DC=ds,DC=dinkyuniversity,DC=edu

<LocationMatch “^/git/MyGitRepo/git-receive-pack$”>
Require ldap-group CN=MyGitRepoRW,OU=Git Security Groups,OU=Organizational Units,DC=ds,DC=dinkyuniversity,DC=edu

As you can see above, basically the trick I figured out was to limit access for the “git-receive-pack” command for a separate group of people needing the read-write access.  Users needing RW access must also exist in the RO group as well.

Leave a reply

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> 


Just making sure you\'re human! * Time limit is exhausted. Please reload CAPTCHA.