
SVN AuthZ-LDAP sync tool

Project description

 ______     __  __     ______   __  __     ______     __  __     __   __     ______
/\  __ \   /\ \/\ \   /\__  _\ /\ \_\ \   /\___  \   /\ \_\ \   /\ "-.\ \   /\  ___\
\ \  __ \  \ \ \_\ \  \/_/\ \/ \ \  __ \  \/_/  /__  \ \____ \  \ \ \-.  \  \ \ \____
 \ \_\ \_\  \ \_____\    \ \_\  \ \_\ \_\   /\_____\  \/\_____\  \ \_\\"\_\  \ \_____\
  \/_/\/_/   \/_____/     \/_/   \/_/\/_/   \/_____/   \/_____/   \/_/ \/_/   \/_____/
  • Supports LDAP & local users.

  • Follows nested groups.

  • Compatible with Python 2 and 3.

Installation

git

$ pip install ldap3
$ git clone https://github.com/rbw0/authzync.git

pypi

$ pip install authzync

Usage example

Sync the LDAP directory specified in authzync.json, read non-LDAP permissions from local_db.json and write the results to svn_authz.txt:

$ python authzync.py --config authzync.json --local_db local_db.json --authz svn_authz.txt

Configuration

Authzync config (--config): configures LDAP, mappings, parse rules, logging, etc.

Local users (--local_db): can be used to set repository permissions for users not present in the LDAP directory, i.e. local users.

How it works

  1. Authzync starts by looking in ldap.base_dn for groups whose names match patterns.access_pattern.

     Note that there’s only one required part in the group name: repo_access (RO or RW). This tells authzync which permission to apply to members of this group.

  2. Next, the value of the attribute set in mappings.section_name is parsed according to patterns.section_pattern.

  3. Finally, a list of members is fetched and the authz file is generated.

Example

Authzync config

Name                      Value
ldap.base_dn              ou=SVN,dc=example,dc=com
mappings.section_name     description
patterns.access_pattern   ^svn_.*_(?P<repo_access>RO|RW)$
patterns.section_pattern  ^(?P<repo_name>.*):(?P<repo_path>/.*)

…and…

LDAP directory

Group name             description value  Members
svn_repo1-trunk_ro     repo1:/trunk       user1, user2
svn_repo2-branches_ro  repo2:/branches    user1, user3
svn_repo1_rw           repo1:/            user3

Should result in:

[repo1:/trunk]
user1 = r
user2 = r

[repo2:/branches]
user1 = r
user3 = r

[repo1:/]
user3 = rw
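
The three steps from "How it works" applied to the example data above, as an added sketch that is not authzync's own code. The names GROUPS, build_authz and render are hypothetical, GROUPS stands in for LDAP search results, and both the case-insensitive match and the "rw wins" rule are assumptions. Groups that fail either pattern are returned in a skipped list so a group that silently grants nothing can be spotted.

```python
import re
from collections import OrderedDict

# Patterns copied from the example config on this page.
# Assumption: matching is case-insensitive; the sample group names end in
# lowercase "_ro"/"_rw" and would not match the pattern as written otherwise.
ACCESS_PATTERN = re.compile(r"^svn_.*_(?P<repo_access>RO|RW)$", re.IGNORECASE)
SECTION_PATTERN = re.compile(r"^(?P<repo_name>.*):(?P<repo_path>/.*)")

# Constructed stand-in for LDAP results: the page's three groups plus two edge cases.
GROUPS = [
    ("svn_repo1-trunk_ro", "repo1:/trunk", ["user1", "user2"]),
    ("svn_repo2-branches_ro", "repo2:/branches", ["user1", "user3"]),
    ("svn_repo1_rw", "repo1:/", ["user3"]),
    ("svn_repo3_admin", "repo3:/", ["user4"]),   # no RO/RW suffix
    ("svn_repo4_rw", "repo4 trunk", ["user5"]),  # description lacks name:/path
]

def build_authz(groups):
    """Return (sections, skipped); sections maps 'repo:/path' -> {user: 'r'|'rw'}."""
    sections, skipped = OrderedDict(), []
    for name, description, members in groups:
        access = ACCESS_PATTERN.match(name)
        if not access:
            skipped.append((name, "group name does not match access_pattern"))
            continue
        section = SECTION_PATTERN.match(description or "")
        if not section:
            skipped.append((name, "description does not match section_pattern"))
            continue
        perm = "rw" if access.group("repo_access").upper() == "RW" else "r"
        key = "%s:%s" % (section.group("repo_name"), section.group("repo_path"))
        users = sections.setdefault(key, OrderedDict())
        for user in members:
            # Assumption: a user in both RO and RW groups for one section keeps rw.
            if users.get(user) != "rw":
                users[user] = perm
    return sections, skipped

def render(sections):
    """Serialize the sections in SVN authz format."""
    blocks = []
    for key, users in sections.items():
        lines = ["[%s]" % key] + ["%s = %s" % (u, p) for u, p in users.items()]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"

if __name__ == "__main__":
    print(render(build_authz(GROUPS)[0]))
```
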

Author

Created by Robert Wikman <rbw@vault13.org> in 2017


Source Distribution

authzync-0.1.8.tar.gz (6.2 kB)

  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for authzync-0.1.8.tar.gz
Algorithm    Hash digest
SHA256       baac538fa560e2b93a7963883a5d60440404f9b440d463bfa74a12975a7e60bb
MD5          7da09622be85c08077fb08545b5f38f7
BLAKE2b-256  2e0a59cb2b48eafaf704b2ec60952aa9236ef9bf223b72bcfb014a51f6502707
