gitlab-org--gitlab-foss/lib/gitlab/ldap/adapter.rb

module Gitlab
  module LDAP
    class Adapter
      attr_reader :ldap

      def self.open(&block)
        Net::LDAP.open(adapter_options) do |ldap|
          block.call(self.new(ldap))
        end
      end

      def self.config
        Gitlab.config.ldap
      end

      def self.adapter_options
        encryption =
          case config['method'].to_s
          when 'ssl'
            :simple_tls
          when 'tls'
            :start_tls
          else
            nil
          end

        options = {
          host: config['host'],
          port: config['port'],
          encryption: encryption
        }

        auth_options = {
          auth: {
            method: :simple,
            username: config['bind_dn'],
            password: config['password']
          }
        }

        if config['password'] || config['bind_dn']
          options.merge!(auth_options)
        end
        options
      end


      def initialize(ldap=nil)
        @ldap = ldap || Net::LDAP.new(self.class.adapter_options)
      end

      def users(field, value)
        if field.to_sym == :dn
          options = {
            base: value,
            scope: Net::LDAP::SearchScope_BaseObject
          }
        else
          options = {
            base: config['base'],
            filter: Net::LDAP::Filter.eq(field, value)
          }
        end

        if config['user_filter'].present?
          user_filter = Net::LDAP::Filter.construct(config['user_filter'])

          options[:filter] = if options[:filter]
                               Net::LDAP::Filter.join(options[:filter], user_filter)
                             else
                               user_filter
                             end
        end

        entries = ldap_search(options).select do |entry|
          entry.respond_to? config.uid
        end

        entries.map do |entry|
          Gitlab::LDAP::Person.new(entry)
        end
      end

      def user(*args)
        users(*args).first
      end

      def dn_matches_filter?(dn, filter)
        ldap_search(base: dn, filter: filter,
          scope: Net::LDAP::SearchScope_BaseObject, attributes: %w{dn}).any?
      end

      def ldap_search(*args)
        results = ldap.search(*args)

        if results.nil?
          response = ldap.get_operation_result

          unless response.code.zero?
            Rails.logger.warn("LDAP search error: #{response.message}")
          end

          []
        else
          results
        end
      end

      private

      def config
        @config ||= self.class.config
      end
    end
  end
end