SVN AuthZ-LDAP sync tool
Project description
LDAP to authz sync tool.
Installation
git
$ pypi install ldap3
$ git clone https://github.com/rbw0/authzync.git
pypi
$ pypi install authzync
Usage
Perform a sync of the LDAP directory specified in authzync.json, get non-LDAP permissions from local_db.json and write results to svn_authz.txt
$ python authzync.py --config authzync.json --local_db local_db.json --authz svn_authz.txt
Configuration
Authzync
Configures LDAP, mappings and parse rules.
$ python authzync.py --config authzync.json
Example: https://github.com/rbw0/authzync/blob/master/examples/authzync.json
Non-LDAP users (optional)
Can be used to set repository permissions for users not present in the LDAP directory, i.e. local users.
$ python authzync.py --local_db local_db.json
Example: https://github.com/rbw0/authzync/blob/master/examples/local_db.json
How it works
Authzync starts by looking for groups matching the patterns.access_pattern in ldap.base_dn
Note that there’s only one required part in the group name: repo_access (RO or RW). This tells authzync which permission to apply to members of this group.
Next, the value of the attribute set in mappings.section_name is parsed according to patterns.section_pattern
Finally, a list of members is fetched and the authz file generated.
Example
Authzync config
Name |
Value |
---|---|
ldap.base_dn |
ou=SVN,dc=example,dc=com |
mappings.section_name |
description |
patterns.access_pattern |
^svn_.*_(?P<repo_access>RO|RW)$ |
patterns.section_pattern |
^(?P<repo_name>.*):(?P<repo_path>/.*) |
LDAP directory
Group name |
description value |
Members |
---|---|---|
svn_repo1-trunk_ro |
repo1:/trunk |
user1, user2 |
svn_repo2-branches_ro |
repo2:/branches |
user1, user3 |
svn_repo1_rw |
repo1:/ |
user3 |
This should result in the following SVN authz file:
[repo1:/trunk] user1 = r user2 = r [repo2:/branches] user1 = r user3 = r [repo1:/] user3 = rw
Compatibility
Compatible with both Python 2 and 3.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.