From e1cf9c15eb38cd830a52de41b9c242add0b76767 Mon Sep 17 00:00:00 2001
From: Jan-Willem van der Meer
Date: Mon, 13 Oct 2014 14:04:10 +0200
Subject: [PATCH] Apply configuration changes for Multiple LDAP servers
---
 config/initializers/1_settings.rb | 18 ++++++++++++++++--
 config/initializers/7_omniauth.rb | 4 ++++
 config/initializers/devise.rb | 30 ++++++++++++++++--------------
 3 files changed, 36 insertions(+), 16 deletions(-)
 create mode 100644 config/initializers/7_omniauth.rb
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 0d11ae6f33f..abd0c970554 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -56,9 +56,23 @@ end
 # Default settings
 Settings['ldap'] ||= Settingslogic.new({})
 Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
-Settings.ldap['allow_username_or_email_login'] = false if Settings.ldap['allow_username_or_email_login'].nil?
-Settings.ldap['active_directory'] = true if Settings.ldap['active_directory'].nil?
+# backwards compatibility, we only have one host
+if Settings.ldap['enabled'] || Rails.env.test?
+ if Settings.ldap['host'].present?
+ server = Settings.ldap.except('sync_time')
+ server['label'] = 'LDAP'
+ server['provider_id'] = ''
+ Settings.ldap['servers'] = [server]
+ end
+
+ Settings.ldap['servers'].each do |server|
+ server['allow_username_or_email_login'] = false if server['allow_username_or_email_login'].nil?
+ server['active_directory'] = true if server['active_directory'].nil?
+ server['provider_name'] = "ldap#{server['provider_id']}".downcase
+ server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name'])
+ end
+end
 Settings['omniauth'] ||= Settingslogic.new({})
 Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil?
diff --git a/config/initializers/7_omniauth.rb b/config/initializers/7_omniauth.rb
new file mode 100644
index 00000000000..1f569dbe91c
--- /dev/null
+++ b/config/initializers/7_omniauth.rb
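Review bot: `Settings.ldap['servers'].each` runs whenever LDAP is enabled or the environment is test, but `servers` is only assigned in this hunk when a legacy `host` is present, so a configuration with neither key would call `each` on nil and abort boot with an unhelpful error. A check before the loop such as `raise "ldap is enabled but no servers are configured" if Settings.ldap['servers'].blank?` makes that failure explicit. `provider_id` is also interpolated unchecked into `provider_name` and camelized into the strategy class name, so two servers with the same or an empty id would share one provider name and, presumably, identities from different directories would be recorded under the same provider. Checking in this loop that every id is unique and consists only of letters, digits and underscores would prevent that.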
@@ -0,0 +1,4 @@
+module OmniAuth::Strategies
+ server = Gitlab.config.ldap.servers.first
+ const_set(server.provider_class, Class.new(LDAP))
+end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 34f4f386988..7770f018a15 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -205,21 +205,23 @@ Devise.setup do |config|
 # end
 if Gitlab.config.ldap.enabled
- if Gitlab.config.ldap.allow_username_or_email_login
- email_stripping_proc = ->(name) {name.gsub(/@.*$/,'')}
- else
- email_stripping_proc = ->(name) {name}
- end
+ Gitlab.config.ldap.servers.each do |server|
+ if server['allow_username_or_email_login']
+ email_stripping_proc = ->(name) {name.gsub(/@.*$/,'')}
+ else
+ email_stripping_proc = ->(name) {name}
+ end
- config.omniauth :ldap,
- host: Gitlab.config.ldap['host'],
- base: Gitlab.config.ldap['base'],
- uid: Gitlab.config.ldap['uid'],
- port: Gitlab.config.ldap['port'],
- method: Gitlab.config.ldap['method'],
- bind_dn: Gitlab.config.ldap['bind_dn'],
- password: Gitlab.config.ldap['password'],
- name_proc: email_stripping_proc
+ config.omniauth server.provider_name,
+ host: server['host'],
+ base: server['base'],
+ uid: server['uid'],
+ port: server['port'],
+ method: server['method'],
+ bind_dn: server['bind_dn'],
+ password: server['password'],
+ name_proc: email_stripping_proc
+ end
 end
 Gitlab.config.omniauth.providers.each do |provider|
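Review bot: Only `servers.first` gets a strategy class in this new file, while the `devise.rb` hunk of the same commit registers `config.omniauth server.provider_name` for every configured server, so a second server would be registered without a matching constant under `OmniAuth::Strategies`. The module body is also unguarded, and `1_settings.rb` only populates `servers` when LDAP is enabled or in the test environment, so with LDAP disabled `servers.first` would likely raise or return nil at boot. Suggest `Gitlab.config.ldap.servers.each { |server| const_set(server.provider_class, Class.new(LDAP)) }` wrapped in `if Gitlab.config.ldap.enabled`.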
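Review bot: The stripping lambda `->(name) {name.gsub(/@.*$/,'')}` anchors with `$`, which in Ruby matches at the end of each line rather than the end of the string, so a login value containing a newline keeps whatever follows it. Since the result is passed to the LDAP strategy as `name_proc`, anchoring on the whole string with `name.sub(/@.*\z/m, '')` is the safer form. Separately, `method: server['method']` is passed through with no default or check visible in this commit, so whether the bind password and user credentials travel encrypted depends on each server entry. A comment above that line such as `# method should be ssl or tls; plain sends credentials unencrypted` would make the expectation explicit. The enclosing `Devise.setup` block starts and ends outside the hunk.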