### This snippet is not standalone and must be integrated in the global ldap_authorized_keys.sh
LDAP_GITOLITE_MEMBER="cn=users,cn=gitolite,ou=services,dc=immae,dc=eu"
GITOLITE_SHELL=$(which gitolite-shell)

if [[ $user == gitolite ]]; then
  ldap_search '(&(memberOf='$LDAP_GITOLITE_MEMBER')('$KEY'=*))' $KEY | \
    while read line ;
    do
      if [ ! -z "$line" ]; then
        if [[ $line == dn* ]]; then
          user=$(sed -n 's/.*uid=\([^,]*\).*/\1/p' <<< "$line")
          if [ -n "$user" ]; then
            if [[ $user == "immae" ]] || [[ $user == "denise" ]]; then
              # Capitalize first letter (backward compatibility)
              user=$(sed -r 's/^([a-z])/\U\1/' <<< "$user")
            fi
          else
            # Service fake user
            user=$(sed -n 's/.*cn=\([^,]*\).*/\1/p' <<< "$line")
          fi
        elif [[ $line == $KEY* ]]; then
          key=$(clean_key_line git "$line")
          if [ ! -z "$key" ]; then
            if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
              echo -n 'command="'$GITOLITE_SHELL' '$user'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty '
              echo $key
            fi
          fi
        fi
      fi
    done
  exit 0
fi