Add user identities to the Git server<\/h3>\n\n\n\n
Git controls access to repositories through the fundamental user access to files and directories on the machine. By managing these users via LDAP, you manage who can access which repositories.<\/p>\n\n\n\n
Let\u2019s configure LDAP in JumpCloud to get this going.<\/p>\n\n\n\n
Get your organization\u2019s setting from the JumpCloud admin console<\/h5>\n\n\n\n
Find your organization\u2019s information in the settings in the JumpCloud console<\/a>. Make sure LDAP is toggled to \u2018on\u2019. We\u2019ll be using the value found here for the Organization ID.<\/p>\n\n\n\n In this case we’re going to use an individual user account as the LDAP admin. Make sure the “LDAP binding user service account” is checked in that user’s details. We’ll need this user’s email address and password below.<\/p>\n\n\n\n Note that to have the users in JumpCloud available to your machine, you need to assign values for the uids.<\/p>\n\n\n\n Under \u201cSettings\u201d, make sure you have checked \u201cKeep UID consistent across all servers\u201d, and for each individual user, also check this value and assign them a UID. On your Linux box, install the libraries. For Debian-like systems1<\/a> use the following.<\/p>\n\n\n\n Now that sssd is installed, we will edit the file its configuration to direct it to use JumpCloud\u2019s LDAP. Note that you\u2019ll substitute your values found in the JumpCloud console above for <org-id>, <user-email>, and <password> to associate with your account.<\/p>\n\n\n\n The file we create is \/etc\/sssd\/sssd.conf<\/strong>.<\/p>\n\n\n\n [nss]<\/p>\n\n\n [pam]<\/p>\n\n\n [domain\/jumpcloud]<\/p>\n\n\n\n \ndebug_level = 2\nid_provider = ldap\nenumerate=true\nauth_provider=ldap\ncache_credentials=true\nldap_uri = ldaps:\/\/ldap.jumpcloud.com:10636\nldap_search_base = ou=Users,o=,dc=jumpcloud,dc=com\nldap_default_bind_dn = uid=,ou=Admins,o=,dc=jumpcloud,dc=com\nldap_default_authtok = \nldap_group_search_base = ou=Groups,o=,dc=jumpcloud,dc=com\nldap_user_ssh_public_key = sshKey\n\nldap_tls_cacert = \/etc\/ssl\/certs\/ca-certificates.crt\n\nsudo_provider = none\n\n<\/p>\n\n\n\n Once you\u2019ve made this change, set the file\u2019s permissions using<\/p>\n\n\n\n and then restart sssd using<\/p>\n\n\n\n .<\/p>\n\n\n\n At this point our users can log in using their passwords (if allowed by the ssh config). Since we\u2019re wanting to use key-based authentication, we\u2019ll also need to make a change to the and then restart the service using<\/p>\n Now your users have the ability to create and manage repositories on the server.<\/p>\n User connie creates an empty git repo<\/p>\n One key point here is that we want to share access among people within the same group.<\/p>\n First, in JumpCloud create the appropriate group with the right users. User connie needs to tweak ownership of the repo in order to share access with the group.<\/p>\n That gives anyone in that same group access. Let\u2019s make sure ONLY that group has access.<\/p>\n Now user luka can clone<\/p>\n and push changes to it<\/p>\n with no problem, but users outside of the Easy!<\/em><\/strong><\/p>\n<\/div>\n\n\n\nSet your user as an LDAP admin<\/h5>\n\n\n\n
![\"Screenshot](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Screenshot-from-2015-02-10-104121-1.png\")
<\/a><\/figure><\/div>\n\n\n\nConfigure UIDs in JumpCloud<\/h5>\n\n\n\n
<\/p>\n\n\n\nOn your Git server – install the SSSD libraries<\/h4>\n\n\n\n
sudo apt-get install sssd libpam-sss libnss-sss<\/pre>\n\n\n\n
Configure SSSD<\/h4>\n\n\n\n
[sssd]\nconfig_file_version = 2\nservices = nss,pam,ssh\ndomains = jumpcloud\n\n<\/pre>\n\n\n
sudo chmod 600 \/etc\/sssd\/sssd.conf<\/pre>\n\n\n\n
sudo service sssd restart<\/pre>\n\n\n\n
Key-based authentication<\/h4>\n
\/etc\/ssh\/sshd_config<\/code> file. Add the following lines<\/p>\nAuthorizedKeysCommand \/usr\/bin\/sss_ssh_authorizedkeys\nAuthorizedKeysCommandUser root<\/pre>\n
sudo service ssh restart<\/pre>\n
Create your repository<\/h3>\n
ssh connie@git-server git init –shared –bare \/DevRepos\/connies-repo.git<\/pre>\n
Share the repository<\/h4>\n
![\"Screenshot](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Screenshot-from-2015-02-10-104834-1.png\")
<\/a><\/figure>
<\/p>\nssh connie@git-server chown -R connie:repousers \/DevRepos\/connies-repo.git\/<\/pre>\n
ssh connie@git-server chmod 770 \/DevRepos\/connies-repo.git\/<\/pre>\n
git clone luka@git-server:\/DevRepos\/connies-repo.git<\/pre>\n
git push origin master<\/pre>\n
repousers<\/code> group cannot.<\/p>\n