All the public keys of our users are in our LDAP. Gitolite already gets the usernames and groups out of this LDAP. But for each new user, we have to manually add the user's key to the keydir of gitolite.
Is there a way of letting gitolite automatically get the keys directly from LDAP?
Gitolite gets the users from the authorized_keys file. This file is generated when you add a new public key to the keys folder.
You have to configure your ssh to use an external command for the authorized keys file. From OpenSSH 6.1 you can use AuthorizedKeysCommand (for the external command) and AuthorizedKeysCommandUser (the id the command will run under). You have to write your own script or adjust one from the internet to provide the proper output. The command takes one option (uid) and gives back the list of public keys of the user.
If you check the authorized keys of gitolite, it looks more advanced:
command="/usr/share/gitolite/gl-auth-command username",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3Nza
So you have to adjust your script to generate such output if the user matches your gitolite user (normally git or gitolite).