Create a gist now

Instantly share code, notes, and snippets.

@steakknife /gitolite_ad_group_membership.sh
Created Jan 31, 2012

What would you like to do?
Download ZIP
gitolite group membership script for Active Directory
Raw
gitolite_ad_group_membership.sh
#!/bin/sh
set -e
# Get a list of groups a user is a member of on one line, space-seperated
# Single-quote group names with spaces, otherwise print the rest
SPACE_CHAR='-'
TMP=`mktemp`
ldapsearch -H ldap://domain.local -b OU=Everything,DC=domain,DC=local -LLL -x -z0 -D 'CN=gitolite,OU=Engineering,OU=Everything,DC=domain,DC=local' -y /var/lib/git/gitolite_ad_passwd "(sAMAccountName=$1)" userAccountControl memberOf > "$TMP"
# Is the account still valid? non-zero = no, zero = yes
awk '{if(!and($2,0x02)){print $0}}' "$TMP" \
| grep -qse 'userA' - || {
shred -u "$TMP"
false
}
awk '/^ /{x=$0;gsub(" ","",x);print x};!/^ /{if(length($0)==78){printf$0}else{print}}' "$TMP" | \
grep -e 'memberOf: ' | \
sed 's/.*CN=\([^,]*\),.*/\1/g' | \
tr ' \n' "$SPACE_CHAR " || {
shred -u "$TMP"
false
}
# Bit 1 (decimal value 2) of userAccountControl : 1 = account disabled, 0 = account enabled
@steakknife

This comment has been minimized.

Show comment Hide comment
@steakknife

steakknife Jan 31, 2012

assume for the following

GIT_HOME=/var/lib/git # dir containing .gitolite.rc and repositories
GIT_USER=git # could be something else like gitolite or blah

/var/lib/git/.gitolite.rc

$GL_GET_MEMBERSHIPS_PGM = "/var/lib/git/gitolite_ad_group_membership.sh" 
.
.
.
$GL_BIG_CONFIG = 1;

password

echo -n 'your_password' > $GIT_HOME/.gitolite_passwd_in_file
chmod 0400 $GIT_HOME/.gitolite_passwd_in_file

Secure everything

chmod 0750 $GIT_HOME/gitolite_ad_group_membership.sh
chown -R $GIT_USER:$GIT_USER /var/lib/git
Owner

steakknife commented Jan 31, 2012

assume for the following

GIT_HOME=/var/lib/git # dir containing .gitolite.rc and repositories
GIT_USER=git # could be something else like gitolite or blah

/var/lib/git/.gitolite.rc

$GL_GET_MEMBERSHIPS_PGM = "/var/lib/git/gitolite_ad_group_membership.sh" 
.
.
.
$GL_BIG_CONFIG = 1;

password

echo -n 'your_password' > $GIT_HOME/.gitolite_passwd_in_file
chmod 0400 $GIT_HOME/.gitolite_passwd_in_file

Secure everything

chmod 0750 $GIT_HOME/gitolite_ad_group_membership.sh
chown -R $GIT_USER:$GIT_USER /var/lib/git
@steakknife

This comment has been minimized.

Show comment Hide comment
@steakknife

steakknife Jan 31, 2012

Might want to put $GIT_HOME as an NFS mount to your SAN, NAS or fileserver.
Owner

steakknife commented Jan 31, 2012

Might want to put $GIT_HOME as an NFS mount to your SAN, NAS or fileserver.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment