Diffstat (limited to 'systems/eldiron/gitolite/ldap_gitolite.sh')
-rw-r--r-- | systems/eldiron/gitolite/ldap_gitolite.sh | 28 |
1 files changed, 28 insertions, 0 deletions
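diff --git a/systems/eldiron/gitolite/ldap_gitolite.sh b/systems/eldiron/gitolite/ldap_gitolite.sh
new file mode 100644
index 0000000..75a39bf
--- /dev/null
+++ b/systems/eldiron/gitolite/ldap_gitolite.sh
@@ -0,0 +1,28 @@
+### This snippet is not standalone and must be integrated in the global ldap_authorized_keys.sh
+LDAP_GITOLITE_MEMBER="@gitolite_ldap_group@"
+GITOLITE_SHELL="@gitolite_shell_path@"
+
+if [[ $user == gitolite ]]; then
+allowed_logins=$(LDAP_BASE=$USER_LDAP_BASE \
+ldap_search '(memberOf='$LDAP_GITOLITE_MEMBER')' '' \
+| grep ^dn \
+| sed -e "s/^dn: uid=\([^,]*\),.*$USER_LDAP_BASE$/'\1'/" \
+| paste -sd,)
+
+psql_search "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'git' = ANY(usage) AND login IN ($allowed_logins);" | while IFS='|' read user key; do
+if [[ $user == "immae" ]] || [[ $user == "denise" ]]; then
+# Capitalize first letter (backward compatibility)
+user=$(sed -r 's/^([a-z])/\U\1/' <<< "$user")
+fi
+if [ ! -z "$key" ]; then
+if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
+echo -n 'command="'$GITOLITE_SHELL' '$user'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty '
+echo $key
+fi
+fi
+done
+cat <<EOF
+@gitolite_services@
+EOF
+exit 0
+fi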
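Review bot: The login read from `psql_search` on new line 12 is written into the `command="…"` option on line 19 without validation, so a login containing a double quote or whitespace would alter the forced command or the restrictions that follow it in the emitted authorized_keys line; only the key is checked (no newline, `ssh-` prefix). I would skip such rows at the top of the loop with `[[ $user =~ ^[A-Za-z0-9._-]+$ ]] || continue`, and use `read -r` and `echo "$key"` so backslashes and glob characters in a row are not interpreted. The same concern applies to `$allowed_logins` on lines 6-10: sed wraps each uid in single quotes without escaping, and a dn that does not match the pattern passes through unchanged into `IN (…)`, so filtering the uids against the same character class before `paste` would keep the SQL well-formed. `ldap_search`, `psql_search` and `$USER_LDAP_BASE` are defined outside this snippet, so whether they already sanitise their input is not visible here.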