module Gitlab
module LDAP
class Adapter
|
|
|
|
attr_reader :ldap
|
|
|
|
|
2014-03-14 03:53:46 -04:00
|
|
|
def self.open(&block)
|
|
|
|
Net::LDAP.open(adapter_options) do |ldap|
|
|
|
|
block.call(self.new(ldap))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.config
|
|
|
|
Gitlab.config.ldap
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.adapter_options
|
2014-03-10 08:48:08 -04:00
|
|
|
encryption = config['method'].to_s == 'ssl' ? :simple_tls : nil
|
|
|
|
|
|
|
|
options = {
|
|
|
|
host: config['host'],
|
|
|
|
port: config['port'],
|
|
|
|
encryption: encryption
|
|
|
|
}
|
|
|
|
|
|
|
|
auth_options = {
|
|
|
|
auth: {
|
|
|
|
method: :simple,
|
|
|
|
username: config['bind_dn'],
|
|
|
|
password: config['password']
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if config['password'] || config['bind_dn']
|
|
|
|
options.merge!(auth_options)
|
|
|
|
end
|
2014-03-14 03:53:46 -04:00
|
|
|
options
|
|
|
|
end
|
|
|
|
|
2014-03-10 08:48:08 -04:00
|
|
|
|
2014-03-14 03:53:46 -04:00
|
|
|
def initialize(ldap=nil)
|
|
|
|
@ldap = ldap || Net::LDAP.new(self.class.adapter_options)
|
2014-03-10 08:48:08 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def users(field, value)
|
|
|
|
if field.to_sym == :dn
|
|
|
|
options = {
|
2014-04-23 23:00:56 -04:00
|
|
|
base: value,
|
|
|
|
scope: Net::LDAP::SearchScope_BaseObject
|
2014-03-10 08:48:08 -04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
options = {
|
|
|
|
base: config['base'],
|
|
|
|
filter: Net::LDAP::Filter.eq(field, value)
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
if config['user_filter'].present?
|
|
|
|
user_filter = Net::LDAP::Filter.construct(config['user_filter'])
|
|
|
|
|
|
|
|
options[:filter] = if options[:filter]
|
|
|
|
Net::LDAP::Filter.join(options[:filter], user_filter)
|
|
|
|
else
|
|
|
|
user_filter
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-05-14 12:10:43 -04:00
|
|
|
entries = ldap_search(options).select do |entry|
|
2014-03-10 08:48:08 -04:00
|
|
|
entry.respond_to? config.uid
|
|
|
|
end
|
|
|
|
|
|
|
|
entries.map do |entry|
|
|
|
|
Gitlab::LDAP::Person.new(entry)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def user(*args)
|
|
|
|
users(*args).first
|
|
|
|
end
|
|
|
|
|
2014-05-14 12:11:14 -04:00
|
|
|
def dn_matches_filter?(dn, filter)
|
|
|
|
ldap_search(base: dn, filter: filter, scope: Net::LDAP::SearchScope_BaseObject, attributes: %w{dn}).any?
|
|
|
|
end
|
|
|
|
|
2014-05-14 12:10:43 -04:00
|
|
|
def ldap_search(*args)
|
|
|
|
results = ldap.search(*args)
|
|
|
|
|
|
|
|
if results.nil?
|
|
|
|
response = ldap.get_operation_result
|
|
|
|
|
|
|
|
unless response.code.zero?
|
|
|
|
Rails.logger.warn("LDAP search error: #{response.message}")
|
|
|
|
end
|
|
|
|
|
|
|
|
[]
|
|
|
|
else
|
|
|
|
results
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-03-10 08:48:08 -04:00
|
|
|
private
|
|
|
|
|
|
|
|
def config
|
2014-03-14 03:53:46 -04:00
|
|
|
@config ||= self.class.config
|
2014-03-10 08:48:08 -04:00
|
|
|
end
|
|
|
|
end
end
end