As you may guess from the title, my previous method did not work out for us. Not that it is not good; it is actually much cleaner than this solution. The Apache authentication module mod_crowd does not work with SUSE Linux Enterprise Server 11, which is our infra team's choice of flavor for production servers 🙂
What I did instead was:
- I used mod_ldap_auth to do the authentication.
- I made gitolite call a Ruby script to retrieve the groups of the user from Crowd.
See the short Ruby script below.

```ruby
#!/usr/bin/env ruby
# gitolite passes the username as a parameter to this script
require 'cgi'
require 'json'
require 'rest_client'

# Double quotes so the username is interpolated; escape it for use in the query string
url = "http://demo:password@localhost:8095/crowd/rest/usermanagement/1/user/group/nested.json?username=#{CGI.escape(ARGV[0])}"
# Print the user's group names separated by spaces
puts JSON.parse(RestClient.get(url))['groups'].map { |group| group['name'] }.join(' ')
```
For those wondering about the format of Crowd's output for this service call, it is as follows.
```json
{
  "expand": "group",
  "groups": [
    {
      "link": {
        "href": "http://localhost:8095/crowd/rest/usermanagement/1/group?groupname=confluence-administrators",
        "rel": "self"
      },
      "name": "confluence-administrators"
    },
    {
      "link": {
        "href": "http://localhost:8095/crowd/rest/usermanagement/1/group?groupname=crowd-administrators",
        "rel": "self"
      },
      "name": "crowd-administrators"
    }
  ]
}
```
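A sturdier variant of the lookup, as an added example that is not part of the original post: it uses only the Ruby standard library, encodes the username, and prints no groups on any error, so a failed lookup never grants group-based access. The environment variable names (CROWD_URL, CROWD_APP, CROWD_PASS) and the allow-list pattern for names are assumptions.

```ruby
#!/usr/bin/env ruby
# Added example (not the post's script): fail-closed Crowd group lookup for gitolite.
require 'json'
require 'net/http'
require 'uri'

CROWD_PATH = '/crowd/rest/usermanagement/1/user/group/nested.json'
# Assumption: conservative allow-list for user and group names; adjust to your naming.
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9._@+-]*\z/

# Build the request URI with the username encoded as a query parameter.
def crowd_groups_uri(base, username)
  uri = URI.join(base, CROWD_PATH)
  uri.query = URI.encode_www_form(username: username)
  uri
end

# Extract group names from a Crowd response body; malformed or unsafe entries are dropped.
def group_names(body)
  data = JSON.parse(body)
  groups = data.is_a?(Hash) ? data['groups'] : nil
  return [] unless groups.is_a?(Array)
  groups.map { |g| g.is_a?(Hash) ? g['name'] : nil }
        .select { |n| n.is_a?(String) && n.match?(SAFE_NAME) }
        .uniq
rescue JSON::ParserError
  []
end

# Query Crowd; any failure (missing config, timeout, non-2xx) yields an empty list.
def lookup_groups(username)
  return [] unless username.to_s.match?(SAFE_NAME)
  # Assumption: Crowd URL and application credentials are supplied via the environment.
  uri = crowd_groups_uri(ENV.fetch('CROWD_URL'), username)
  req = Net::HTTP::Get.new(uri)
  req.basic_auth(ENV.fetch('CROWD_APP'), ENV.fetch('CROWD_PASS'))
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https',
                        open_timeout: 3, read_timeout: 5) { |http| http.request(req) }
  res.is_a?(Net::HTTPSuccess) ? group_names(res.body) : []
rescue StandardError
  []
end

# gitolite passes the username as the first argument and reads the names from stdout.
puts lookup_groups(ARGV[0]).join(' ') if __FILE__ == $PROGRAM_NAME && ARGV[0]
```

Keeping the credentials out of the URL also keeps them out of the script file and out of any log that records the request URL.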