After switch auth.type from http to ldap, git clone with http always return 403
105 views
Skip to first unread message
Yingchun Li
Apr 9, 2024, 7:33:06 AM4/9/24
to Repo and Gerrit Discussion
My gerrit server switched the auth from http to ldap, now I can login and logout
with ldap no problem, and 'git clone' with ssh also doesn't have problem.
But when I clone the repos with http protocol, it always says
"remote: Forbidden, fatal: unable to access 'https://ap.mycompany.com/sandbox/': The requested URL returned error: 403"
Just before when using http, git will prompt the password and wait for input, now
there is no any prompt.
Here is my gerrit settings:
[auth]
type = ldap
emailFormat = {0}@mycompany.com
gitBasicAuthPolicy = ldap
trustContainerAuth = true
type = ldap
emailFormat = {0}@mycompany.com
gitBasicAuthPolicy = ldap
trustContainerAuth = true
ldap]
server = ldap://my_ldap_ip
username = cn=admin,dc=software,dc=com
accountBase = ou=gerrit,dc=software,dc=com
groupBase = dc=software,dc=com
server = ldap://my_ldap_ip
username = cn=admin,dc=software,dc=com
accountBase = ou=gerrit,dc=software,dc=com
groupBase = dc=software,dc=com
...
and the nginx settings:
...
# SSL stapling (optional)
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Log files for Nginx's logging utilities
access_log /var/log/nginx/gerrit.access.log;
error_log /var/log/nginx/gerrit.error.log;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Log files for Nginx's logging utilities
access_log /var/log/nginx/gerrit.access.log;
error_log /var/log/nginx/gerrit.error.log;
location / {
#auth_basic_user_file /home/gerrit/gerrit-etc/gerrit.passwd;
auth_basic "Gerrit User Authentication";
proxy_set_header X-Remote-User $remote_user;
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header Host $http_host;
proxy_redirect off;
proxy_http_version 1.1;
}
#auth_basic_user_file /home/gerrit/gerrit-etc/gerrit.passwd;
auth_basic "Gerrit User Authentication";
proxy_set_header X-Remote-User $remote_user;
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header Host $http_host;
proxy_redirect off;
proxy_http_version 1.1;
}
Please give some advice, thanks a lot.
Br,
Yingchun
Yingchun Li
Apr 10, 2024, 2:56:05 AM4/10/24
to Repo and Gerrit Discussion
On Tuesday, April 9, 2024 at 7:33:06 PM UTC+8 Yingchun Li wrote:
My gerrit server switched the auth from http to ldap, now I can login and logoutwith ldap no problem, and 'git clone' with ssh also doesn't have problem.But when I clone the repos with http protocol, it always says"remote: Forbidden, fatal: unable to access 'https://ap.mycompany.com/sandbox/': The requested URL returned error: 403"Just before when using http, git will prompt the password and wait for input, nowthere is no any prompt.Here is my gerrit settings:[auth]
type = ldap
emailFormat = {0}@mycompany.com
gitBasicAuthPolicy = ldap
trustContainerAuth = true
"trustContainerAuth" should no be set to true if you don't use nginx/apache's user/password.
Thanks a lot.
Reply all
Reply to author
Forward
0 new messages