Commit | Line | Data |
---|---|---|
1a64deeb IB |
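### This snippet is not standalone and must be integrated in the global ldap_authorized_keys.sh
###
### When the requested account ($user) is "gitolite", print one authorized_keys
### line per stored SSH key of every member of the gitolite LDAP group, each
### pinned to the gitolite shell through a forced command, then the static
### service entries, and exit.
### Relies on names provided by the enclosing script: $user, $USER_LDAP_BASE,
### ldap_search and psql_search.
### The @...@ values are placeholders, presumably substituted when the script
### is generated.
LDAP_GITOLITE_MEMBER="@gitolite_ldap_group@"
GITOLITE_SHELL="@gitolite_shell_path@"
# Conservative allow-list for login names. A login ends up inside an SQL string
# literal and inside the command="..." option of an authorized_keys line, so a
# quote or shell metacharacter must never get through.
# NOTE(review): widen this (and the matching class in the sed call below) if
# legitimate logins use other characters.
gitolite_login_re='^[A-Za-z0-9][A-Za-z0-9._@+-]*$'

if [[ $user == gitolite ]]; then
  # Build the quoted, comma-separated login list for the SQL IN (...) clause.
  # "sed -n ... p" emits only DNs of the expected uid=<login>,...<base> form;
  # anything else (other DN shapes, logins outside the allow-list) is dropped
  # instead of being pasted unquoted into the query.
  # The filter is double-quoted so a group DN containing spaces stays one word.
  allowed_logins=$(LDAP_BASE=$USER_LDAP_BASE \
    ldap_search "(memberOf=$LDAP_GITOLITE_MEMBER)" '' \
      | sed -n -e "s/^dn: uid=\([A-Za-z0-9][A-Za-z0-9._@+-]*\),.*$USER_LDAP_BASE$/'\1'/p" \
      | paste -sd,)

  # An empty list would turn the clause into "IN ()", which is a syntax error,
  # so the query is skipped when the group has no usable member.
  if [[ -n $allowed_logins ]]; then
    # read -r keeps backslashes in the key comment intact. The loop runs in a
    # pipeline subshell, so its variables do not leak into the enclosing script.
    psql_search "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'git' = ANY(usage) AND login IN ($allowed_logins);" | while IFS='|' read -r login key; do
      # Defence in depth: re-check the login coming back from the database
      # before it is written into the forced command.
      [[ $login =~ $gitolite_login_re ]] || continue

      if [[ $login == "immae" ]] || [[ $login == "denise" ]]; then
        # Capitalize first letter (backward compatibility)
        login=$(sed -r 's/^([a-z])/\U\1/' <<< "$login")
      fi

      # Only non-empty, single-line keys starting with "ssh-" are emitted, so a
      # stored value cannot add a second authorized_keys line or lead with its
      # own options.
      # NOTE(review): this also rejects key types whose name does not start
      # with "ssh-" (e.g. ecdsa-sha2-*) — confirm that is intended.
      if [[ -n $key ]] && [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
        # printf with quoted arguments writes the key verbatim; an unquoted
        # echo would glob-expand and re-split the key text.
        printf 'command="%s %s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
          "$GITOLITE_SHELL" "$login" "$key"
      fi
    done
  fi

  # Static entries appended after the per-user keys (template placeholder).
  cat <<EOF
@gitolite_services@
EOF
  exit 0
fi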