Commit graph

21 commits

Author SHA1 Message Date
Gabriel Mazetto
5ee6badade Unblocks user when active_directory is disabled and it can be found 2016-04-05 16:34:31 -03:00
Douwe Maan
4d64a32c88 Merge branch 'feature/ldap-sync-edgecases' into 'master'
LDAP Sync blocked user edgecases

Allow GitLab admins to block otherwise valid GitLab LDAP users
(https://gitlab.com/gitlab-org/gitlab-ce/issues/3462)

Based on the discussion on the original issue, we are going to differentiate "normal" block operations to the ldap automatic ones in order to make some decisions when its one or the other.

Expected behavior:

- [x] "ldap_blocked" users respond to both `blocked?` and `ldap_blocked?`
- [x] "ldap_blocked" users can't be unblocked by the Admin UI
- [x] "ldap_blocked" users can't be unblocked by the API
- [x] Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked"
- [x] Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization
- [x] When LDAP identity is removed, we should convert `ldap_blocked` into `blocked`
 
Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users:
![image](/uploads/4f56fc17b73cb2c9e2a154a22e7ad291/image.png)

There will be another MR for the EE version.

See merge request !2242
2016-01-14 11:00:08 +00:00
Gabriel Mazetto
dd6fc01ff8 fixed LDAP activation on login to use new ldap_blocked state 2016-01-14 03:31:27 -02:00
Drew Blessing
67aa0b8c4c Optimize LDAP and add a search timeout 2016-01-11 08:17:32 -06:00
Gabriel Mazetto
47e4613f4a Code style fixes and some code simplified 2016-01-08 16:26:04 -02:00
Gabriel Mazetto
d6dc088aff LDAP synchronization block/unblock new states 2016-01-08 16:26:04 -02:00
Drew Blessing
bf5683f889 Block LDAP user when they are no longer found in the LDAP server 2015-12-08 11:15:30 -06:00
Douwe Maan
125cb9b866 Don't accidentally unblock auto created users from Active Directory. 2015-05-12 11:26:43 +02:00
Douwe Maan
8fed435208 Unblock user if they were unblocked in AD. 2015-03-13 22:34:11 +01:00
Dmitriy Zaporozhets
e7f4f0ae1d Block user if he/she was blocked in Active Directory 2015-03-12 11:53:21 -07:00
Valery Sizov
3a5ed5260b Supporting for multiple omniauth provider for the same user 2014-12-04 13:03:55 +02:00
Jan-Willem van der Meer
b229b0f003 Fix authorization for LDAP login 2014-10-14 09:40:35 +02:00
Jan-Willem van der Meer
01b791237c Refactor lib files for multiple LDAP groups 2014-10-13 17:24:05 +02:00
Marin Jankovski
f7aba277e7 Add option to gitlab config to specify if LDAP server is active directory. 2014-09-30 12:07:31 +02:00
Jan-Willem van der Meer
c0323b40ee Refactor: beter naming for active directory disabled users 2014-09-01 16:35:18 +02:00
Jacob Vosmaer
669682686e Move LDAP timeout code to Gitlab::LDAP::Access 2014-08-06 18:03:01 +02:00
Jacob Vosmaer
be1120e968 Improve ad_disabled method name 2014-05-14 19:13:06 +02:00
Jacob Vosmaer
a6e4153878 Check for the AD disabled flag in Access#allowed? 2014-05-14 18:32:40 +02:00
Jacob Vosmaer
56df3dbff2 Add Gitlab::LDAP::Access.open
This new method wraps Gitlab::LDAP::Adapter.open to enable connection
reuse.
2014-03-14 08:55:50 +01:00
Dmitriy Zaporozhets
0fdab6a747
Remove copyright
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-10 17:09:45 +02:00
Dmitriy Zaporozhets
daa7f077db
Port LDAP code from EE
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-10 14:48:08 +02:00