{"id":134,"date":"2015-02-10T19:05:09","date_gmt":"2015-02-11T02:05:09","guid":{"rendered":"https:\/\/www.jumpcloud.com\/engineering-blog\/?p=134"},"modified":"2021-09-22T16:54:02","modified_gmt":"2021-09-22T20:54:02","slug":"git-repository","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/git-repository","title":{"rendered":"Managing your Git repository with LDAP authentication"},"content":{"rendered":"\n

When setting up a Git repo, controlling access is key. With JumpCloud\u2019s LDAP solution, it\u2019s easy to manage your users’ access to your repositories. Let\u2019s walk through how this can be done.<\/p>\n\n\n\n

Create your Git server<\/h3>\n\n\n\n

We\u2019re assuming here that you have a clean Linux server machine. I\u2019m using Ubuntu 14.04. Other systems might have slight variations with the commands, especially in the installation steps.<\/p>\n\n\n\n

Install Git<\/h5>\n\n\n\n

Installing the Git server software is simple.<\/p>\n\n\n\n

sudo apt-get install git<\/pre>\n\n\n\n

Add user identities to the Git server<\/h3>\n\n\n\n

Git controls access to repositories through the fundamental user access to files and directories on the machine. By managing these users via LDAP, you manage who can access which repositories.<\/p>\n\n\n\n

Let\u2019s configure LDAP in JumpCloud to get this going.<\/p>\n\n\n\n

Get your organization\u2019s setting from the JumpCloud admin console<\/h5>\n\n\n\n

Find your organization\u2019s information in the settings in the JumpCloud console<\/a>. Make sure LDAP is toggled to \u2018on\u2019. We\u2019ll be using the value found here for the Organization ID.<\/p>\n\n\n\n

Set your user as an LDAP admin<\/h5>\n\n\n\n

In this case we’re going to use an individual user account as the LDAP admin. Make sure the “LDAP binding user service account” is checked in that user’s details. We’ll need this user’s email address and password below.<\/p>\n\n\n\n

\"Screenshot<\/a><\/figure><\/div>\n\n\n\n
Configure UIDs in JumpCloud<\/h5>\n\n\n\n

Note that to have the users in JumpCloud available to your machine, you need to assign values for the uids.<\/p>\n\n\n\n

Under \u201cSettings\u201d, make sure you have checked \u201cKeep UID consistent across all servers\u201d, and for each individual user, also check this value and assign them a UID.
<\/p>\n\n\n\n

On your Git server – install the SSSD libraries<\/h4>\n\n\n\n

On your Linux box, install the libraries. For Debian-like systems1<\/a> use the following.<\/p>\n\n\n\n

sudo apt-get install sssd libpam-sss libnss-sss<\/pre>\n\n\n\n

Configure SSSD<\/h4>\n\n\n\n

Now that sssd is installed, we will edit the file its configuration to direct it to use JumpCloud\u2019s LDAP. Note that you\u2019ll substitute your values found in the JumpCloud console above for <org-id>, <user-email>, and <password> to associate with your account.<\/p>\n\n\n\n

The file we create is \/etc\/sssd\/sssd.conf<\/strong>.<\/p>\n\n\n\n

[sssd]\nconfig_file_version = 2\nservices = nss,pam,ssh\ndomains = jumpcloud\n\n<\/pre>\n\n\n

[nss]<\/p>\n\n\n

[pam]<\/p>\n\n\n

[domain\/jumpcloud]<\/p>\n\n\n\n

\ndebug_level = 2\nid_provider = ldap\nenumerate=true\nauth_provider=ldap\ncache_credentials=true\nldap_uri = ldaps:\/\/ldap.jumpcloud.com:10636\nldap_search_base = ou=Users,o=,dc=jumpcloud,dc=com\nldap_default_bind_dn = uid=,ou=Admins,o=,dc=jumpcloud,dc=com\nldap_default_authtok = \nldap_group_search_base = ou=Groups,o=,dc=jumpcloud,dc=com\nldap_user_ssh_public_key = sshKey\n\nldap_tls_cacert = \/etc\/ssl\/certs\/ca-certificates.crt\n\nsudo_provider = none\n\n<\/p>\n\n\n\n

Once you\u2019ve made this change, set the file\u2019s permissions using<\/p>\n\n\n\n

sudo chmod 600 \/etc\/sssd\/sssd.conf<\/pre>\n\n\n\n

and then restart sssd using<\/p>\n\n\n\n

sudo service sssd restart<\/pre>\n\n\n\n

.<\/p>\n\n\n\n

\n

Key-based authentication<\/h4>\n

At this point our users can log in using their passwords (if allowed by the ssh config). Since we\u2019re wanting to use key-based authentication, we\u2019ll also need to make a change to the\/etc\/ssh\/sshd_config<\/code> file. Add the following lines<\/p>\n

AuthorizedKeysCommand \/usr\/bin\/sss_ssh_authorizedkeys\nAuthorizedKeysCommandUser root<\/pre>\n

and then restart the service using<\/p>\n

sudo service ssh restart<\/pre>\n

Create your repository<\/h3>\n

Now your users have the ability to create and manage repositories on the server.<\/p>\n

User connie creates an empty git repo<\/p>\n

ssh connie@git-server git init –shared –bare \/DevRepos\/connies-repo.git<\/pre>\n

Share the repository<\/h4>\n

One key point here is that we want to share access among people within the same group.<\/p>\n

\"Screenshot<\/a><\/figure>

First, in JumpCloud create the appropriate group with the right users.
<\/p>\n

User connie needs to tweak ownership of the repo in order to share access with the group.<\/p>\n

ssh connie@git-server chown -R connie:repousers \/DevRepos\/connies-repo.git\/<\/pre>\n

That gives anyone in that same group access. Let\u2019s make sure ONLY that group has access.<\/p>\n

ssh connie@git-server chmod 770 \/DevRepos\/connies-repo.git\/<\/pre>\n

Now user luka can clone<\/p>\n

git clone luka@git-server:\/DevRepos\/connies-repo.git<\/pre>\n

and push changes to it<\/p>\n

git push origin master<\/pre>\n

with no problem, but users outside of the repousers<\/code> group cannot.<\/p>\n

Easy!<\/em><\/strong><\/p>\n<\/div>\n\n\n\n

\n

\n
    \n
  1. I\u2019ve tested this against Ubuntu 14.04 \u2013 other flavors may vary somewhat \u21a9<\/a><\/li>\n<\/ol>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    When setting up a Git repo, controlling access is key. With JumpCloud\u2019s LDAP solution, it\u2019s easy to manage. Let\u2019s walk through how this can be done.<\/p>\n","protected":false},"author":30,"featured_media":525,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23,42],"tags":[],"collection":[2779],"platform":[],"funnel_stage":[3016],"coauthors":[],"acf":[],"yoast_head":"\nManaging your Git repository with LDAP authentication - JumpCloud<\/title>\n<meta name=\"description\" content=\"When setting up a Git repo, controlling access is key. With JumpCloud\u2019s LDAP solution, it\u2019s easy to manage. Let\u2019s walk through how this can be done.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/git-repository\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Managing your Git repository with LDAP authentication\" \/>\n<meta property=\"og:description\" content=\"When setting up a Git repo, controlling access is key. With JumpCloud\u2019s LDAP solution, it\u2019s easy to manage. Let\u2019s walk through how this can be done.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/git-repository\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2015-02-11T02:05:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-22T20:54:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1\" \/>\n\t<meta property=\"og:image:height\" content=\"1\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Greg Keller\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Greg Keller\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository\"},\"author\":{\"name\":\"Greg Keller\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6\"},\"headline\":\"Managing your Git repository with LDAP authentication\",\"datePublished\":\"2015-02-11T02:05:09+00:00\",\"dateModified\":\"2021-09-22T20:54:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository\"},\"wordCount\":618,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png\",\"articleSection\":[\"Best Practices\",\"News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository\",\"url\":\"https:\/\/jumpcloud.com\/blog\/git-repository\",\"name\":\"Managing your Git repository with LDAP authentication - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png\",\"datePublished\":\"2015-02-11T02:05:09+00:00\",\"dateModified\":\"2021-09-22T20:54:02+00:00\",\"description\":\"When setting up a Git repo, controlling access is key. With JumpCloud\u2019s LDAP solution, it\u2019s easy to manage. Let\u2019s walk through how this can be done.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/git-repository\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/git-repository#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Managing your Git repository with LDAP authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6\",\"name\":\"Greg Keller\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/bb829f9c68b309c7d66b61d4436f8afa\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g\",\"caption\":\"Greg Keller\"},\"description\":\"JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Managing your Git repository with LDAP authentication - JumpCloud","description":"When setting up a Git repo, controlling access is key. With JumpCloud\u2019s LDAP solution, it\u2019s easy to manage. Let\u2019s walk through how this can be done.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/git-repository","og_locale":"en_US","og_type":"article","og_title":"Managing your Git repository with LDAP authentication","og_description":"When setting up a Git repo, controlling access is key. With JumpCloud\u2019s LDAP solution, it\u2019s easy to manage. Let\u2019s walk through how this can be done.","og_url":"https:\/\/jumpcloud.com\/blog\/git-repository","og_site_name":"JumpCloud","article_published_time":"2015-02-11T02:05:09+00:00","article_modified_time":"2021-09-22T20:54:02+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png","width":1,"height":1,"type":"image\/png"}],"author":"Greg Keller","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Greg Keller","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/git-repository#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/git-repository"},"author":{"name":"Greg Keller","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6"},"headline":"Managing your Git repository with LDAP authentication","datePublished":"2015-02-11T02:05:09+00:00","dateModified":"2021-09-22T20:54:02+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/git-repository"},"wordCount":618,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/git-repository#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png","articleSection":["Best Practices","News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/git-repository","url":"https:\/\/jumpcloud.com\/blog\/git-repository","name":"Managing your Git repository with LDAP authentication - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/git-repository#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/git-repository#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png","datePublished":"2015-02-11T02:05:09+00:00","dateModified":"2021-09-22T20:54:02+00:00","description":"When setting up a Git repo, controlling access is key. With JumpCloud\u2019s LDAP solution, it\u2019s easy to manage. Let\u2019s walk through how this can be done.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/git-repository#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/git-repository"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/git-repository#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2015\/02\/Managing-your-Git-repository-with-LDAP-authentication-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/git-repository#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Managing your Git repository with LDAP authentication"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/33bf05bce1792138e1fac8878933c1f6","name":"Greg Keller","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/bb829f9c68b309c7d66b61d4436f8afa","url":"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1329dd1fe0f66c8a37039a19f3169d11?s=96&d=mm&r=g","caption":"Greg Keller"},"description":"JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution."}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/134"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=134"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/134\/revisions"}],"predecessor-version":[{"id":54038,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/134\/revisions\/54038"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/525"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=134"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=134"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=134"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=134"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}