How to configure LDAP groups in gitolite.conf

Tags: git, ldap, gitolite

I have set up GIT with GITOLITE over https access. For Authorization we want to add the LDAP Groups to the gitolite.conf. I have attached the ldap script to .gitolite.rc and it is able to fetch all the user groups which the user is part of. For authorization I added the respective groups in gitolite.conf but it is not able to fetch the group in gitolite.conf.

repo testing
    RW+      = @testing_ldap_group_rw
    R       =  @testing_ldap_group_read

I have enabled this also in .gitolite.rc

GROUPLIST_PGM           =>  '/path/to/ldap-query-groups-script',

Do I have to make any other configuration changes?

user2164525 asked Feb 02 '26 07:02


2 Answers

I do declare the LDAP script in .gitolite.rc.

But that script isn't "attached" to .gitolite.rc.
It is an independent script in my $PATH.
Following the Gitolite documentation, it does query the LDAP store and returns a space-separated list of groups that the user is a member of.

Then using the @groupName notation works just fine: if the user is part of (memberOf) the LDAP group groupName, he/she will be allowed.

VonC answered Feb 04 '26 19:02


You would need to configure gitolite (.gitolite.rc) and set GROUPLIST_PGM to be a program that, given a username, returns a space-separated list of groups. The program is up to you and can query any source, including but not limited to ldap.

There is a sample contrib script that you can look at for an example: https://github.com/sitaramc/gitolite/blob/master/contrib/utils/ldap_groups.sh

dnozay answered Feb 04 '26 20:02
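
The contract both answers describe (a program that takes a username and prints a space-separated list of groups), as an added example that is not code from the original posts or from the gitolite project. The server URI, base DN and the `uid`/`memberOf` attributes are assumptions; the script prints the first RDN value of each `memberOf` DN, which is the name an `@group` reference in gitolite.conf would then have to match.

```shell
#!/bin/bash
# GROUPLIST_PGM sketch: called with the username as $1, prints a
# space-separated list of group names on stdout.
# Assumed (not from the page): server URI, base DN, uid/memberOf attributes.
LDAP_URI="ldaps://ldap.example.com"       # placeholder
LDAP_BASE="ou=people,dc=example,dc=com"   # placeholder
LC_ALL=C; export LC_ALL                   # ASCII-only ranges, stable sort order

# Escape RFC 4515 filter metacharacters so the username (REMOTE_USER over
# HTTPS) is matched literally and cannot change the shape of the filter.
# Backslash is escaped first so later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Read unwrapped LDIF on stdin; print the first RDN value of each memberOf DN.
# Base64 values ("memberOf:: ...") are skipped, and so is any name outside a
# conservative character set: a name containing a space would otherwise be
# read back as two separate groups.
groups_from_ldif() {
    sed -n 's/^memberOf: [A-Za-z]*=\([^,]*\),.*/\1/p' |
        grep -E '^[A-Za-z0-9][A-Za-z0-9._@+-]*$' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Anonymous simple bind (-x); -o ldif-wrap=no keeps each DN on one line.
list_groups() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(uid=$(ldap_escape "$1"))" memberOf | groups_from_ldif
}

# Query LDAP only when invoked with exactly one argument (the username).
if [ "$#" -eq 1 ]; then
    list_groups "$1"
    echo
fi
```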