authzync

SVN AuthZ-LDAP sync tool


Keywords
subversion
License
MIT
Install
pip install authzync==0.1.1

Documentation

authzync

LDAP to authz sync tool.

Installation

git

$ pip install ldap3
$ git clone https://github.com/rbw0/authzync.git

pypi

$ pip install authzync

Configuration

Authzync

The main configuration file defines the LDAP settings, mappings and parse rules.

$ authzync.py --config authzync.json

Example: https://github.com/rbw0/authzync/blob/master/examples/authzync.json

Non-LDAP users (optional)

An optional local database can be used to set repository permissions for users not present in the LDAP directory, i.e. local users.

$ authzync.py --local_db local_db.json

Example: https://github.com/rbw0/authzync/blob/master/examples/local_db.json

How it works

  1. Authzync starts by looking in ldap.base_dn for groups whose names match patterns.access_pattern.
     Note that there's only one required part in the group name: repo_access (RO or RW). This tells authzync which permission to apply to members of this group.
  2. Next, the value of the attribute set in mappings.repo_path is parsed according to patterns.repo_pattern.
  3. Finally, a list of members is fetched and the authz file is generated.

Example

Authz config

Name                     Value
ldap.base_dn             ou=SVN,dc=example,dc=com
mappings.repo_path       description
patterns.access_pattern  ^svn_.*_(?P<repo_access>RO|RW)$
patterns.repo_pattern    ^(?P<repo_name>.*):(?P<repo_path>/.*)

LDAP directory

Group name             Description attribute  Members
svn_repo1-trunk_ro     repo1:/trunk           user1, user2
svn_repo1-branches_ro  repo2:/branches        user1, user3
svn_repo1_rw           repo1:/                user3

This should result in the following SVN authz file:

[repo1:/trunk]
user1 = ro
user2 = ro

[repo2:/branches]
user1 = ro
user3 = ro

[repo1:/]
user3 = rw
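
The three steps from "How it works", applied to the sample directory above, as an added example rather than authzync's own code: `build_authz`, `UNSAFE` and the tuple layout are hypothetical, case-insensitive group-name matching is an assumption, and the LDAP lookup is replaced by constructed data. It also skips any group whose description or member names would not fit on a single authz line, so a malformed directory value cannot alter the structure of the generated file.

```python
import re
from collections import OrderedDict

# Patterns from the "Authz config" table. IGNORECASE is an assumption, made
# because the sample group names end in lowercase _ro/_rw.
ACCESS_PATTERN = re.compile(r"^svn_.*_(?P<repo_access>RO|RW)$", re.IGNORECASE)
REPO_PATTERN = re.compile(r"^(?P<repo_name>.*):(?P<repo_path>/.*)")
# Characters that would alter the structure of an authz file if copied verbatim.
UNSAFE = re.compile(r"[\[\]=#\r\n]")

# Constructed sample data: the three rows of the "LDAP directory" table plus
# three malformed entries. Each tuple is (group name, description, members).
SAMPLE_GROUPS = [
    ("svn_repo1-trunk_ro", "repo1:/trunk", ["user1", "user2"]),
    ("svn_repo1-branches_ro", "repo2:/branches", ["user1", "user3"]),
    ("svn_repo1_rw", "repo1:/", ["user3"]),
    ("staff", "repo1:/", ["user9"]),
    ("svn_repo3_ro", "repo3:/trunk\nextra line", ["user4"]),
    ("svn_repo4_rw", "repo4:/", ["user5", "user6=x"]),
]

def build_authz(groups):
    """Return (authz_text, skipped); skipped lists (group, reason) pairs."""
    sections, skipped = OrderedDict(), []
    for name, description, members in groups:
        access = ACCESS_PATTERN.match(name)
        # fullmatch rejects multi-line values instead of silently truncating them
        repo = REPO_PATTERN.fullmatch(description or "")
        if not access:
            skipped.append((name, "name does not match access_pattern"))
        elif not repo:
            skipped.append((name, "description does not match repo_pattern"))
        elif any(UNSAFE.search(v) for v in list(repo.groups()) + list(members)):
            skipped.append((name, "unsafe character in repo or member value"))
        else:
            header = "[%s:%s]" % (repo.group("repo_name"), repo.group("repo_path"))
            perm = access.group("repo_access").lower()  # "ro"/"rw" as in the page's output
            for user in members:
                sections.setdefault(header, OrderedDict())[user] = perm
    blocks = ["\n".join([h] + ["%s = %s" % (u, p) for u, p in users.items()])
              for h, users in sections.items()]
    return "\n\n".join(blocks) + "\n", skipped

if __name__ == "__main__":
    text, skipped = build_authz(SAMPLE_GROUPS)
    print(text)
    for group, reason in skipped:
        print("skipped %s: %s" % (group, reason))
```

Logging the skipped groups gives an administrator a list of directory entries to correct before the next sync.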

Compatibility

Compatible with both Python 2 and 3.

Author

Created by Robert Wikman <rbw@vault13.org> in 2017