Merge branch 'add_active_directory_ldap_option' into 'master'

Add active directory ldap option Fixes #1557 See merge request !1139
2014-10-01 07:04:08 +00:00 · 2014-10-01 07:04:08 +00:00 · 73b92f85bc
commit 73b92f85bc
parent 88d3e97e50 f7aba277e7
4 changed files with 25 additions and 1 deletions
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@ -140,6 +140,12 @@ production: &base
    method: 'ssl' # "tls" or "ssl" or "plain"
    bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
    password: '_the_password_of_the_bind_user'
+
+    # This setting specifies if LDAP server is Active Directory LDAP server.
+    # For non AD servers it skips the AD specific queries.
+    # If your LDAP server is not AD, set this to false.
+    active_directory: true
+
    # If allow_username_or_email_login is enabled, GitLab will ignore everything
    # after the first '@' in the LDAP username submitted by the user on login.
    #
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@ -57,6 +57,7 @@ end
 Settings['ldap'] ||= Settingslogic.new({})
 Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
 Settings.ldap['allow_username_or_email_login'] = false if Settings.ldap['allow_username_or_email_login'].nil?
+Settings.ldap['active_directory'] = true if Settings.ldap['active_directory'].nil?


 Settings['omniauth'] ||= Settingslogic.new({})
--- a/lib/gitlab/ldap/access.rb
+++ b/lib/gitlab/ldap/access.rb
@ -28,7 +28,9 @@ module Gitlab

      def allowed?(user)
        if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
-          !Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter)
+          if Gitlab.config.ldap.active_directory
+            !Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter)
+          end
        else
          false
        end
--- a/spec/lib/gitlab/ldap/access_spec.rb
+++ b/spec/lib/gitlab/ldap/access_spec.rb
@ -27,6 +27,21 @@ describe Gitlab::LDAP::Access do

        it { should be_true }
      end
+
+      context 'and has no disabled flag in active diretory' do
+        before {
+          Gitlab::LDAP::Person.stub(disabled_via_active_directory?: false)
+          Gitlab.config.ldap['enabled'] = true
+          Gitlab.config.ldap['active_directory'] = false
+        }
+
+        after {
+          Gitlab.config.ldap['enabled'] = false
+          Gitlab.config.ldap['active_directory'] = true
+        }
+
+        it { should be_false }
+      end
    end
  end
 end