From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit
---
.../templates/usr/local/bin/gitolite-grouplist.j2 | 42 ++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 roles/gitolite/templates/usr/local/bin/gitolite-grouplist.j2
(limited to 'roles/gitolite/templates/usr/local/bin/gitolite-grouplist.j2')
diff --git a/roles/gitolite/templates/usr/local/bin/gitolite-grouplist.j2 b/roles/gitolite/templates/usr/local/bin/gitolite-grouplist.j2
new file mode 100644
index 0000000..2060620
--- /dev/null
+++ b/roles/gitolite/templates/usr/local/bin/gitolite-grouplist.j2
@@ -0,0 +1,42 @@
+#!/usr/libexec/platform-python
+
+import os
+import sys
+import ldap
+import ldap.sasl
+import ldap.filter
+
+LDAP_URI = '{{ freeipa_ldap_uri }}'
+USER_BASEDN = '{{ freeipa_user_basedn }}'
+GROUP_BASEDN = '{{ freeipa_group_basedn }}'
+
+if len(sys.argv) != 2:
+ sys.exit('must specify one username')
+
+if sys.argv[1] == 'nobody':
+ exit(0)
+
+os.environ['GSS_USE_PROXY'] = 'yes'
+conn = ldap.initialize(LDAP_URI)
+conn.protocol_version = ldap.VERSION3
+conn.sasl_interactive_bind_s('', ldap.sasl.sasl({}, 'GSSAPI'))
+
+user = conn.search_s(
+ USER_BASEDN,
+ ldap.SCOPE_SUBTREE,
+ ldap.filter.filter_format('uid=%s', [sys.argv[1]]),
+ ['memberOf'])
+
+if not user:
+ exit(1)
+
+groups = []
+
+for group_dn in [ldap.dn.explode_dn(dn) for dn in user[0][1]['memberOf']]:
+ if ','.join(group_dn[1:]) == GROUP_BASEDN:
+ rdn = ldap.dn.str2dn(group_dn[0])[0][0]
+ if rdn[0] == 'cn':
+ # replace whitespace with underscore
+ groups.append('_'.join(rdn[1].split()))
+
+print(' '.join(groups))
-- cgit
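Review bot: `user[0][1]['memberOf']` in the final `for group_dn in ...` loop raises KeyError when the entry comes back without a `memberOf` attribute (a user in no groups, or presumably a bind identity that is not allowed to read it), so the script ends in a traceback instead of printing an empty group list; reading it as `user[0][1].get('memberOf', [])` makes that case explicit. The subtree search on `uid=%s` also takes `user[0]` without checking that exactly one entry matched, and since this output presumably drives gitolite's group-based access rules, `if len(user) != 1: sys.exit(1)` would fail closed on a missing or ambiguous uid. The two bare `exit(...)` calls depend on the `site` builtin; `sys.exit(...)` would match the argument check above them. A short comment above `groups.append(...)` noting that a group named `a b` and one named `a_b` map to the same gitolite group would document the collision the whitespace replacement allows.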