Using LDAP as auth method for git repositories

I want to convince my boss that we should be using git for version control. He says that it absolutely must authenticate users through our central LDAP server.

I looked at the various solutions (gitweb, gitorious ... ) and couldn't really find a definitive answer about whether they support LDAP authentication.

The only solution I could find a little info on was an Apache+mod_ldap setting. But that would mean that the user authenticating on LDAP wouldn't necessarily be the same as the actual git user, right? (Not that this is a huge problem, but just something which would bug me.)

So, what's the best way to authenticate git users via LDAP?


Solution 1:

While keys are used for most public git services, the real authentication happens via SSH. SSH is more than capable of authenticating against LDAP. As far as git is concerned, once you have access to the files you can go to town.

UPDATE

Git now supports (as of this year, who knew?) a smart HTTP pushing mechanism. The old way was to use a WebDAV server, but both fetching and pushing were very slow and inefficient. Now you can get pretty much the same speeds over HTTP as you would with ssh:// or git://. This means you can use Apache or nginx and use any HTTP auth scheme you would like (LDAP, database, etc.).

More info from Pro Git and GitHub.
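
The smart HTTP plus LDAP setup described in this answer could look like the following Apache 2.4 configuration. This is an added example, not part of the original answer; the host names, DNs, group name, certificate paths, the `/srv/git` root, the `git-http-backend` location (it varies by distribution) and the `ldap-bind-secret` helper are all placeholder assumptions.

```apache
# Added example: every host name, DN, path and group below is a placeholder.
# Needs mod_ssl, mod_cgi (or mod_cgid), mod_alias, mod_env, mod_ldap
# and mod_authnz_ldap.

# Server-level: trust only the directory's CA and verify its certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ldap-ca.pem
LDAPVerifyServerCert On

<VirtualHost *:443>
    ServerName git.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/git.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/git.example.com.key

    # Smart HTTP: hand everything under /git/ to git-http-backend.
    SetEnv GIT_PROJECT_ROOT /srv/git
    SetEnv GIT_HTTP_EXPORT_ALL
    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/

    <Location /git/>
        # Basic auth resends the LDAP password on every request,
        # so refuse anything that did not arrive over TLS.
        SSLRequireSSL

        AuthType Basic
        AuthName "Git (LDAP login)"
        AuthBasicProvider ldap

        # ldaps:// keeps the search and the user's bind encrypted.
        # Look under ou=People for the entry whose uid is the login name.
        AuthLDAPURL "ldaps://ldap.example.com/ou=People,dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)"

        # Read-only service account used for the search. The password
        # comes from a root-only helper (hypothetical path), not this file.
        AuthLDAPBindDN "cn=git-reader,ou=Services,dc=example,dc=com"
        AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-secret"

        # Fetch and push both require membership in one LDAP group,
        # which is stricter than "Require valid-user".
        Require ldap-group cn=git-users,ou=Groups,dc=example,dc=com
    </Location>
</VirtualHost>
```

The LDAP login reaches `git-http-backend` as `REMOTE_USER`, which it uses as `GIT_COMMITTER_NAME` for the reflog entries a push creates. The author and committer fields inside the pushed commits are still whatever the client set.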

Solution 2:

You can look for/develop a git backend authentication using pre-receive git hook scripts. They do not necessarily need to be shell scripts.

For example, if you look into gitorious' pre-receive hook, you'll see its way to authenticate the guy who is trying to push into the remote repo in that situation using a Ruby script. If you wish and spend a bit of your time on it, you can do the same using your favorite language and its LDAP library :-)