Diffstat (limited to 'systems/eldiron/gitolite/ldap_gitolite.sh')
-rw-r--r--systems/eldiron/gitolite/ldap_gitolite.sh28
1 files changed, 28 insertions, 0 deletions
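diff --git a/systems/eldiron/gitolite/ldap_gitolite.sh b/systems/eldiron/gitolite/ldap_gitolite.sh
new file mode 100644
index 0000000..75a39bf
--- /dev/null
+++ b/systems/eldiron/gitolite/ldap_gitolite.sh
@@ -0,0 +1,28 @@
+### This snippet is not standalone and must be integrated in the global ldap_authorized_keys.sh
+LDAP_GITOLITE_MEMBER="@gitolite_ldap_group@"
+GITOLITE_SHELL="@gitolite_shell_path@"
+
+if [[ $user == gitolite ]]; then
+ allowed_logins=$(LDAP_BASE=$USER_LDAP_BASE \
+ ldap_search '(memberOf='$LDAP_GITOLITE_MEMBER')' '' \
+ | grep ^dn \
+ | sed -e "s/^dn: uid=\([^,]*\),.*$USER_LDAP_BASE$/'\1'/" \
+ | paste -sd,)
+
+ psql_search "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'git' = ANY(usage) AND login IN ($allowed_logins);" | while IFS='|' read user key; do
+ if [[ $user == "immae" ]] || [[ $user == "denise" ]]; then
+ # Capitalize first letter (backward compatibility)
+ user=$(sed -r 's/^([a-z])/\U\1/' <<< "$user")
+ fi
+ if [ ! -z "$key" ]; then
+ if [[ $key != *$'\n'* ]] && [[ $key == ssh-* ]]; then
+ echo -n 'command="'$GITOLITE_SHELL' '$user'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty '
+ echo $key
+ fi
+ fi
+ done
+cat <<EOF
+@gitolite_services@
+EOF
+ exit 0
+fi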
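Review bot: The login list in the `psql_search` call is built by pasting LDAP-derived text straight into `login IN ($allowed_logins)`, and the `sed` just above it has no `-n`/`p`, so any `dn` line that does not match the pattern (a base64 `dn::` line, a DN that does not end in `$USER_LDAP_BASE`) passes through unquoted into the SQL, as does a uid containing a quote. Restricting the capture to a safe character class and dropping non-matches would close that, e.g. `sed -n "s/^dn: uid=\([A-Za-z0-9._-]*\),.*$USER_LDAP_BASE$/'\1'/p"`, and an empty result should skip the query, since `IN ()` is not valid SQL. The same concern applies where `$user` is placed inside `command="…"` and where `echo $key` is unquoted: a guard such as `[[ $user =~ ^[A-Za-z0-9._-]+$ ]] || continue` together with `printf '%s\n' "$key"` keeps a stray quote, space or glob character out of the generated authorized_keys line. `ldap_search`, `psql_search` and `$USER_LDAP_BASE` come from the enclosing ldap_authorized_keys.sh, which is not visible here, so whether they already sanitise their input is unconfirmed.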