Add option to gitlab config to specify if LDAP server is active directory.

This commit is contained in:
Marin Jankovski 2014-09-30 12:07:31 +02:00
parent 0c29cb3451
commit f7aba277e7
4 changed files with 25 additions and 1 deletions

View file

@ -140,6 +140,12 @@ production: &base
method: 'ssl' # "tls" or "ssl" or "plain"
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
# This setting specifies if LDAP server is Active Directory LDAP server.
# For non AD servers it skips the AD specific queries.
# If your LDAP server is not AD, set this to false.
active_directory: true
# If allow_username_or_email_login is enabled, GitLab will ignore everything
# after the first '@' in the LDAP username submitted by the user on login.
#

View file

@ -57,6 +57,7 @@ end
Settings['ldap'] ||= Settingslogic.new({})
Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
Settings.ldap['allow_username_or_email_login'] = false if Settings.ldap['allow_username_or_email_login'].nil?
Settings.ldap['active_directory'] = true if Settings.ldap['active_directory'].nil?
Settings['omniauth'] ||= Settingslogic.new({})

View file

@ -28,7 +28,9 @@ module Gitlab
def allowed?(user)
if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
!Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter)
if Gitlab.config.ldap.active_directory
!Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter)
end
else
false
end

View file

@ -27,6 +27,21 @@ describe Gitlab::LDAP::Access do
it { should be_true }
end
context 'and has no disabled flag in active diretory' do
before {
Gitlab::LDAP::Person.stub(disabled_via_active_directory?: false)
Gitlab.config.ldap['enabled'] = true
Gitlab.config.ldap['active_directory'] = false
}
after {
Gitlab.config.ldap['enabled'] = false
Gitlab.config.ldap['active_directory'] = true
}
it { should be_false }
end
end
end
end