Question

We want to host our own repositories in our company. We need LDAP support, especially with groups. I want users from Group A to be unable to access projects of Group B, not even to read them, if it is not allowed.

I also don't want to use HTTPS. So it would be best if the user logs into the web page (LDAP login) and uploads his SSH key. After that, he should be able to see only the projects/repositories for his LDAP group, or for all the groups he is in.

Thank you for your help! Joerg

Solution

I found a helpful solution. I used Gitolite and wrote my own script. Gitolite allows you to use a script to ask the LDAP/AD for the groups. With this website you can create your own SSH key form. For browsing the repos, you can use gitweb with Gitolite! Besides the SSH key form, I got everything up and running.

Other tips

You could use an authorization layer like Gitolite, which would then be able to get group information through LDAP scripts.
The native way of accessing the repo managed by Gitolite would remain SSH.

Large sites often have LDAP servers that already contain user and group information, including group membership details.
Such sites may prefer that gitolite just pick up that info instead of having to redundantly put it in gitolite's config file.

All you need is a script that, given a username, queries your LDAP or similar server, and returns a space-separated list of all the groups she is a member of.
If an invalid user name is sent in, or the user is valid but is not part of any groups, it should print nothing.
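
One way to write the group-lookup script described above, as an added example that is not the poster's script or Gitolite's own code. It assumes a posixGroup/memberUid schema, an anonymous bind, and placeholder `LDAP_URI` and `GROUP_BASE` values; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed: posixGroup/memberUid schema,
# anonymous bind, and the placeholder LDAP_URI / GROUP_BASE values below.
LDAP_URI=${LDAP_URI:-ldaps://ldap.example.com}
GROUP_BASE=${GROUP_BASE:-ou=groups,dc=example,dc=com}

# Allow only a conservative alphabet so the name cannot alter the LDAP filter
# (no "*", "(", ")" or "\").
valid_user() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Read LDIF on stdin, print the cn values space-separated on one line.
# Base64 values ("cn:: ...") and names outside the safe alphabet are dropped,
# so a group called "bad name" cannot turn into two group tokens.
ldif_to_groups() {
    awk '/^cn: / {
             g = substr($0, 5)
             if (g ~ /^[A-Za-z0-9._-]+$/) out = (out == "" ? g : out " " g)
         }
         END { if (out != "") print out }'
}

# Print the groups of user $1. Invalid names never reach the LDAP server and
# print nothing; so do users without groups. Query errors on stderr are dropped.
lookup_groups() {
    valid_user "$1" || return 0
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$GROUP_BASE" \
        "(&(objectClass=posixGroup)(memberUid=$1))" cn 2>/dev/null | ldif_to_groups
}

# Constructed sample of what ldapsearch returns, for trying the parser offline.
sample_ldif() {
    cat <<'EOF'
dn: cn=group-a,ou=groups,dc=example,dc=com
cn: group-a

dn: cn=devs,ou=groups,dc=example,dc=com
cn: devs

dn: cn=bad name,ou=groups,dc=example,dc=com
cn: bad name
EOF
}

if [ $# -gt 0 ]; then lookup_groups "$1"; fi
```

Running `sample_ldif | ldif_to_groups` exercises the parser without an LDAP server. Because the output decides repository access, the script fails closed: any input it does not recognise yields an empty group list.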

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow