问题:

I have Apache and git-http-backend set up so that authentication is done using LDAP credentials and only members of my git-users group can access the domain that I'm using for serving git repositories. That all seems to be working fine. I'd like to further restrict each individual repository to members of a specific group, e.g., cn=super-secret-project,ou=projects,dc=my,dc=domain. How can I do this without having to modify my *.conf files? Can I added a second LDAP group using .htaccess files?

Here is the relevant part of my apache configuration.

<VirtualHost *:443>
    ServerName git.my.domain

    DocumentRoot /home/git
    LogLevel debug
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory /home/git>
            Options ExecCGI Indexes FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

    <Location />
            Order deny,allow
            AuthName "Authentication Required"
            AuthType Basic
            AuthBasicProvider ldap
            AuthLDAPUrl ldap://ldap.server/ou=people,dc=my,dc=domain?uid
            AuthLDAPGroupAttribute memberUid
            AuthLDAPGroupAttributeIsDN off
            Require ldap-group cn=git-users,ou=functional-roles,dc=my,dc=domain
            Satisfy all
    </Location>

    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /path/to/domain.crt
    SSLCertificateKeyFile /path/to/domain.key

    SuexecUserGroup git git
    ScriptAlias /git /path/to/git-http-backend-wrapper
</VirtualHost>