
SVN AuthZ-LDAP sync tool

Project description

LDAP to authz sync tool.

Installation

git

$ pip install ldap3
$ git clone https://github.com/rbw0/authzync.git

pypi

$ pip install authzync

Usage

Perform a sync of the LDAP directory specified in authzync.json, get non-LDAP permissions from local_db.json and write the results to svn_authz.txt:

$ python authzync.py --config authzync.json --local_db local_db.json --authz svn_authz.txt

Configuration

Authzync

Configures LDAP, mappings and parse rules.

$ python authzync.py --config authzync.json

Example: https://github.com/rbw0/authzync/blob/master/examples/authzync.json

Non-LDAP users (optional)

Can be used to set repository permissions for users not present in the LDAP directory, i.e. local users.

$ python authzync.py --local_db local_db.json

Example: https://github.com/rbw0/authzync/blob/master/examples/local_db.json

How it works

  1. Authzync starts by looking for groups matching patterns.access_pattern in ldap.base_dn.
     Note that there's only one required part in the group name: repo_access (RO or RW). This tells authzync which permission to apply to members of this group.
  2. Next, the value of the attribute set in mappings.section_name is parsed according to patterns.section_pattern.
  3. Finally, a list of members is fetched and the authz file is generated.

Example

Authzync config

Name                      Value
ldap.base_dn              ou=SVN,dc=example,dc=com
mappings.section_name     description
patterns.access_pattern   ^svn_.*_(?P<repo_access>RO|RW)$
patterns.section_pattern  ^(?P<repo_name>.*):(?P<repo_path>/.*)

LDAP directory

Group name             description value  Members
svn_repo1-trunk_ro     repo1:/trunk       user1, user2
svn_repo2-branches_ro  repo2:/branches    user1, user3
svn_repo1_rw           repo1:/            user3

This should result in the following SVN authz file:

[repo1:/trunk]
user1 = ro
user2 = ro

[repo2:/branches]
user1 = ro
user3 = ro

[repo1:/]
user3 = rw
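
The three steps above, replayed offline in Python over the example groups (an added example, not authzync's own code). The group dictionaries, the two rejected groups and the function names are constructed for illustration; matching is case-insensitive here as an assumption, because the example group names end in lowercase ro/rw while the pattern lists RO|RW.

```python
import re

# Patterns copied from the example config on this page.
ACCESS_PATTERN = r"^svn_.*_(?P<repo_access>RO|RW)$"
SECTION_PATTERN = r"^(?P<repo_name>.*):(?P<repo_path>/.*)"

# Constructed sample data mirroring the "LDAP directory" table, plus two
# constructed groups that must not produce any authz rule.
SAMPLE_GROUPS = [
    {"cn": "svn_repo1-trunk_ro", "description": "repo1:/trunk", "members": ["user1", "user2"]},
    {"cn": "svn_repo2-branches_ro", "description": "repo2:/branches", "members": ["user1", "user3"]},
    {"cn": "svn_repo1_rw", "description": "repo1:/", "members": ["user3"]},
    {"cn": "svn_repo3_admin", "description": "repo3:/", "members": ["user4"]},   # no RO/RW suffix
    {"cn": "svn_repo4_rw", "description": "repo4 trunk", "members": ["user5"]},  # unparsable section
]


def build_sections(groups):
    """Return (sections, skipped); sections maps 'repo:/path' to {user: access}."""
    access_re = re.compile(ACCESS_PATTERN, re.IGNORECASE)  # assumption: case-insensitive
    section_re = re.compile(SECTION_PATTERN)
    sections, skipped = {}, []
    for group in groups:
        access = access_re.match(group["cn"])
        section = section_re.match(group.get("description", ""))
        if not access or not section:
            skipped.append(group["cn"])  # fail closed: no rule is written for this group
            continue
        name = f"{section.group('repo_name')}:{section.group('repo_path')}"
        level = access.group("repo_access").lower()
        users = sections.setdefault(name, {})
        for user in group["members"]:
            users[user] = level
    return sections, skipped


def render_authz(sections):
    """Render sections in the layout of the authz output shown on this page."""
    blocks = ["\n".join([f"[{name}]"] + [f"{u} = {a}" for u, a in users.items()])
              for name, users in sections.items()]
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    sections, skipped = build_sections(SAMPLE_GROUPS)
    print(render_authz(sections))
    print("skipped groups:", skipped)
```

Reviewing the skipped list after each sync shows which directory groups were ignored, so a misnamed group or a malformed description surfaces as a missing rule rather than an unintended grant.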

Compatibility

Compatible with both Python 2 and 3.

Author

Created by Robert Wikman <rbw@vault13.org> in 2017


Files for authzync, version 0.1.1
Filename: authzync-0.1.1.tar.gz (4.9 kB), File type: Source, Python version: None
