gitolite group membership script for Active Directory
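#!/bin/sh
set -e
# Get a list of groups a user is a member of on one line, space-separated
# Spaces inside group names are replaced with $SPACE_CHAR
# Needs gawk (for the and() bitwise function) and shred
SPACE_CHAR='-'
# $1 is placed in the LDAP filter below; accept only characters that cannot change the filter
case "$1" in
''|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; exit 1 ;;
esac
TMP=`mktemp`
# Remove the LDAP output on every exit path, success included
trap 'shred -u "$TMP"' EXIT
# -x over ldap:// sends the bind password in clear text; use ldaps:// or add -ZZ (StartTLS) where the DC supports it
ldapsearch -H ldap://domain.local -b OU=Everything,DC=domain,DC=local -LLL -x -z0 -D 'CN=gitolite,OU=Engineering,OU=Everything,DC=domain,DC=local' -y /var/lib/git/gitolite_ad_passwd "(sAMAccountName=$1)" userAccountControl memberOf > "$TMP"
# Is the account still valid? non-zero = no, zero = yes
# Test only the userAccountControl line, so a DN or group name containing "userA" cannot satisfy the check
awk '/^userAccountControl: /{if(!and($2,0x02)){ok=1}} END{exit !ok}' "$TMP" || exit 1
# Unfold LDIF continuation lines (leading space), keeping the spaces inside group names
awk '/^ /{buf=buf substr($0,2);next} {if(NR>1)print buf;buf=$0} END{if(NR)print buf}' "$TMP" | \
grep -e '^memberOf: ' | \
sed 's/^memberOf: CN=\([^,]*\),.*/\1/' | \
tr ' \n' "$SPACE_CHAR "
# Bit 1 (decimal value 2) of userAccountControl : 1 = account disabled, 0 = account enabled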
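
The parsing half of the script can be exercised without a domain controller. The following is an added example, not part of the original gist: a POSIX shell function (hypothetical name `groups_from_ldif`) that reads ldapsearch-style LDIF on stdin, rejects missing or disabled accounts and prints the group CNs, plus a hypothetical `valid_username` check for the value that ends up in the LDAP filter. The sample LDIF is constructed.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names are hypothetical.
SPACE_CHAR='-'

# Allow only characters that cannot change the meaning of the LDAP
# filter "(sAMAccountName=$1)": no *, parentheses, backslash or spaces.
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Read ldapsearch LDIF on stdin and print the group CNs on one line.
# Returns 1 when no userAccountControl was seen (unknown user) or the
# ACCOUNTDISABLE bit (decimal 2) is set.
groups_from_ldif() {
    awk -v sp="$SPACE_CHAR" '
        function take(   cn) {
            if (buf ~ /^userAccountControl: /) {
                seen = 1
                disabled = int(substr(buf, 21) / 2) % 2
            } else if (buf ~ /^memberOf: CN=/) {
                cn = substr(buf, 14)      # text after "memberOf: CN="
                sub(/,.*/, "", cn)        # keep the first RDN value only
                gsub(/ /, sp, cn)
                out = (out == "" ? cn : out " " cn)
            }
            buf = ""
        }
        /^ / { buf = buf substr($0, 2); next }  # folded line: append
             { take(); buf = $0 }
        END  { take(); if (!seen || disabled) exit 1; print out }'
}

# Constructed sample: enabled account, one memberOf line folded inside the CN.
SAMPLE_LDIF='dn: CN=Alice Example,OU=Engineering,OU=Everything,DC=domain,DC=local
userAccountControl: 512
memberOf: CN=Build and Rel
 ease Engineers,OU=Engineering,OU=Everything,DC=domain,DC=local
memberOf: CN=Domain Users,CN=Users,DC=domain,DC=local'

valid_username alice && printf '%s\n' "$SAMPLE_LDIF" | groups_from_ldif
```
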
@steakknife
Owner

Assume for the following:

GIT_HOME=/var/lib/git # dir containing .gitolite.rc and repositories
GIT_USER=git # could be something else like gitolite or blah

/var/lib/git/.gitolite.rc

$GL_GET_MEMBERSHIPS_PGM = "/var/lib/git/gitolite_ad_group_membership.sh";
.
.
.
$GL_BIG_CONFIG = 1; 

password

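# Create the file already unreadable to others, with no trailing newline
# (the path given to ldapsearch -y in the script must point at this file)
(umask 077; printf '%s' 'your_password' > "$GIT_HOME/.gitolite_passwd_in_file")
chmod 0400 "$GIT_HOME/.gitolite_passwd_in_file"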

Secure everything

chmod 0750 $GIT_HOME/gitolite_ad_group_membership.sh
chown -R $GIT_USER:$GIT_USER /var/lib/git
@steakknife
Owner

Might want to put $GIT_HOME as an NFS mount to your SAN, NAS or fileserver.
