• Oleg Girko's avatar
    Make SSH keys synchronisation with LDAP not delete keys added by users. · edaaac2f
    Oleg Girko authored
    This is done by using a separate LDAPKey model (inherited from Key)
    for storing SSH keys which came from LDAP.
    These keys can be viewed from user profile, but they can not be deleted.
    
    Signed-off-by: Oleg Girko <oleg.girko@jollamobile.com> (+2 squashed commits)
    Squashed commits:
    [52b3816] Made SSH key synchronisation with LDAP configurable.
    
    Now it can be turned on or off using configuration option
    sync_ssh_keys in ldap section.
    The default is off to preserve compatibility with old behaviour.
    Signed-off-by: default avatarOleg Girko <oleg.girko@jollamobile.com>
    [02f988d] Synchronise LDAP users SSH keys from LDAP automatically.
    
    SSH public keys are synchronised from sshPublicKey LDAP attribute
    upon login attempt and during regular LDAP security checks.
    New keys are added, old keys not present in LDAP are deleted.
    
    Signed-off-by: Oleg Girko <oleg.girko@jollamobile.com> (+1 squashed commit)
    Squashed commits:
    [f087fbc] Make Gitlab::LDAP::Person.entry method public.
    
    This is needed to allow access control methods to access
    arbitrary LDAP attributes.
    Signed-off-by: default avatarOleg Girko <oleg.girko@jollamobile.com>
    edaaac2f
access.rb 4.16 KB