Commit 73b92f85 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'add_active_directory_ldap_option' into 'master'

Add active directory ldap option

Fixes #1557

See merge request !1139
parents 88d3e97e f7aba277
......@@ -140,6 +140,12 @@ production: &base
method: 'ssl' # "tls" or "ssl" or "plain"
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
# This setting specifies if LDAP server is Active Directory LDAP server.
# For non AD servers it skips the AD specific queries.
# If your LDAP server is not AD, set this to false.
active_directory: true
# If allow_username_or_email_login is enabled, GitLab will ignore everything
# after the first '@' in the LDAP username submitted by the user on login.
#
......
......@@ -57,6 +57,7 @@ end
Settings['ldap'] ||= Settingslogic.new({})
Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
Settings.ldap['allow_username_or_email_login'] = false if Settings.ldap['allow_username_or_email_login'].nil?
Settings.ldap['active_directory'] = true if Settings.ldap['active_directory'].nil?
Settings['omniauth'] ||= Settingslogic.new({})
......
......@@ -28,7 +28,9 @@ module Gitlab
def allowed?(user)
if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
if Gitlab.config.ldap.active_directory
!Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter)
end
else
false
end
......
......@@ -27,6 +27,21 @@ describe Gitlab::LDAP::Access do
it { should be_true }
end
context 'and has no disabled flag in active diretory' do
before {
Gitlab::LDAP::Person.stub(disabled_via_active_directory?: false)
Gitlab.config.ldap['enabled'] = true
Gitlab.config.ldap['active_directory'] = false
}
after {
Gitlab.config.ldap['enabled'] = false
Gitlab.config.ldap['active_directory'] = true
}
it { should be_false }
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment