dc30783057
It was previously possible for invalid credential errors to go unnoticed in this task. Users would believe everything was configured correctly and then sign in would fail with 'invalid credentials'. This adds a specific bind check, plus catches errors connecting to the server. Also, specs :)
131 lines
2.5 KiB
Ruby
131 lines
2.5 KiB
Ruby
# Load a specific server configuration
|
|
module Gitlab
|
|
module LDAP
|
|
class Config
|
|
attr_accessor :provider, :options
|
|
|
|
def self.enabled?
|
|
Gitlab.config.ldap.enabled
|
|
end
|
|
|
|
def self.servers
|
|
Gitlab.config.ldap.servers.values
|
|
end
|
|
|
|
def self.providers
|
|
servers.map {|server| server['provider_name'] }
|
|
end
|
|
|
|
def self.valid_provider?(provider)
|
|
providers.include?(provider)
|
|
end
|
|
|
|
def self.invalid_provider(provider)
|
|
raise "Unknown provider (#{provider}). Available providers: #{providers}"
|
|
end
|
|
|
|
def initialize(provider)
|
|
if self.class.valid_provider?(provider)
|
|
@provider = provider
|
|
else
|
|
self.class.invalid_provider(provider)
|
|
end
|
|
@options = config_for(@provider) # Use @provider, not provider
|
|
end
|
|
|
|
def enabled?
|
|
base_config.enabled
|
|
end
|
|
|
|
def adapter_options
|
|
{
|
|
host: options['host'],
|
|
port: options['port'],
|
|
encryption: encryption
|
|
}.tap do |options|
|
|
options.merge!(auth_options) if has_auth?
|
|
end
|
|
end
|
|
|
|
def base
|
|
options['base']
|
|
end
|
|
|
|
def uid
|
|
options['uid']
|
|
end
|
|
|
|
def sync_ssh_keys?
|
|
sync_ssh_keys.present?
|
|
end
|
|
|
|
# The LDAP attribute in which the ssh keys are stored
|
|
def sync_ssh_keys
|
|
options['sync_ssh_keys']
|
|
end
|
|
|
|
def user_filter
|
|
options['user_filter']
|
|
end
|
|
|
|
def group_base
|
|
options['group_base']
|
|
end
|
|
|
|
def admin_group
|
|
options['admin_group']
|
|
end
|
|
|
|
def active_directory
|
|
options['active_directory']
|
|
end
|
|
|
|
def block_auto_created_users
|
|
options['block_auto_created_users']
|
|
end
|
|
|
|
def attributes
|
|
options['attributes']
|
|
end
|
|
|
|
def timeout
|
|
options['timeout'].to_i
|
|
end
|
|
|
|
def has_auth?
|
|
options['password'] || options['bind_dn']
|
|
end
|
|
|
|
protected
|
|
|
|
def base_config
|
|
Gitlab.config.ldap
|
|
end
|
|
|
|
def config_for(provider)
|
|
base_config.servers.values.find { |server| server['provider_name'] == provider }
|
|
end
|
|
|
|
def encryption
|
|
case options['method'].to_s
|
|
when 'ssl'
|
|
:simple_tls
|
|
when 'tls'
|
|
:start_tls
|
|
else
|
|
nil
|
|
end
|
|
end
|
|
|
|
def auth_options
|
|
{
|
|
auth: {
|
|
method: :simple,
|
|
username: options['bind_dn'],
|
|
password: options['password']
|
|
}
|
|
}
|
|
end
|
|
end
|
|
end
|
|
end
|