Merge branch 'dm-ldap-adapter-attributes' into 'master'
Support simple string LDAP attribute specifications, and search for name rather… Closes #36841 See merge request !13776
This commit is contained in:
commit
cdf87fe890
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
title: Fix signing in using LDAP when attribute mapping uses simple strings instead
|
||||
of arrays
|
||||
merge_request:
|
||||
author:
|
||||
type: fixed
|
|
@ -73,7 +73,7 @@ module Gitlab
|
|||
private
|
||||
|
||||
def user_options(field, value, limit)
|
||||
options = { attributes: user_attributes }
|
||||
options = { attributes: Gitlab::LDAP::Person.ldap_attributes(config).compact.uniq }
|
||||
options[:size] = limit if limit
|
||||
|
||||
if field.to_sym == :dn
|
||||
|
@ -99,10 +99,6 @@ module Gitlab
|
|||
filter
|
||||
end
|
||||
end
|
||||
|
||||
def user_attributes
|
||||
%W(#{config.uid} cn dn) + config.attributes['username'] + config.attributes['email']
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -21,6 +21,15 @@ module Gitlab
|
|||
adapter.dn_matches_filter?(dn, AD_USER_DISABLED)
|
||||
end
|
||||
|
||||
def self.ldap_attributes(config)
|
||||
[
|
||||
'dn', # Used in `dn`
|
||||
config.uid, # Used in `uid`
|
||||
*config.attributes['name'], # Used in `name`
|
||||
*config.attributes['email'] # Used in `email`
|
||||
]
|
||||
end
|
||||
|
||||
def initialize(entry, provider)
|
||||
Rails.logger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" }
|
||||
@entry = entry
|
||||
|
|
|
@ -16,7 +16,7 @@ describe Gitlab::LDAP::Adapter do
|
|||
expect(adapter).to receive(:ldap_search) do |arg|
|
||||
expect(arg[:filter].to_s).to eq('(uid=johndoe)')
|
||||
expect(arg[:base]).to eq('dc=example,dc=com')
|
||||
expect(arg[:attributes]).to match(%w{uid cn dn uid userid sAMAccountName mail email userPrincipalName})
|
||||
expect(arg[:attributes]).to match(%w{dn uid cn mail email userPrincipalName})
|
||||
end.and_return({})
|
||||
|
||||
adapter.users('uid', 'johndoe')
|
||||
|
@ -26,7 +26,7 @@ describe Gitlab::LDAP::Adapter do
|
|||
expect(adapter).to receive(:ldap_search).with(
|
||||
base: 'uid=johndoe,ou=users,dc=example,dc=com',
|
||||
scope: Net::LDAP::SearchScope_BaseObject,
|
||||
attributes: %w{uid cn dn uid userid sAMAccountName mail email userPrincipalName},
|
||||
attributes: %w{dn uid cn mail email userPrincipalName},
|
||||
filter: nil
|
||||
).and_return({})
|
||||
|
||||
|
@ -63,7 +63,7 @@ describe Gitlab::LDAP::Adapter do
|
|||
it 'uses the right uid attribute when non-default' do
|
||||
stub_ldap_config(uid: 'sAMAccountName')
|
||||
expect(adapter).to receive(:ldap_search).with(
|
||||
hash_including(attributes: %w{sAMAccountName cn dn uid userid sAMAccountName mail email userPrincipalName})
|
||||
hash_including(attributes: %w{dn sAMAccountName cn mail email userPrincipalName})
|
||||
).and_return({})
|
||||
|
||||
adapter.users('sAMAccountName', 'johndoe')
|
||||
|
|
Loading…
Reference in New Issue