GIT, SSH, and GIT-SHELL
I've made a solution using LDAP, OpenSSH (>4.9) and git-shell.
OpenSSH's ForceCommand is perfect for the job. Consider the following configuration (everyone except admins have to use git-shell):
Match group *,!admin
ForceCommand /usr/bin/git-shell -c "$SSH_ORIGINAL_COMMAND"
Access control is defined using ACL-s and reponame access groups.
setfacl -bR -m default:group:$REPONAME:rwX -m group:$REPONAME:rwX $GITROOT/$REPONAME
setfacl -R -m default:group:$REPONAME-ro:r-X -m group:$REPONAME-ro:r-X $GITROOT/$REPONAME
Don't forget to run "nscd -i group", after each change.
Andor