Add group base to config. Join auth options only if provided

config/gitlab.yml.example

@@ -91,7 +91,6 @@ production: &base
   ldap:
     enabled: false
     host: '_your_ldap_server'
-    base: '_the_base_where_you_search_for_users'
     port: 636
     uid: 'sAMAccountName'
     method: 'ssl' # "ssl" or "plain"
@@ -99,6 +98,19 @@ production: &base
     password: '_the_password_of_the_bind_user'
     allow_username_or_email_login: true
 
+    # Base where we can search for users
+    #
+    #   Ex. ou=People,dc=gitlab,dc=example
+    #
+    base: ''
+
+    # Base where we can search for groups
+    #
+    #   Ex. ou=Groups,dc=gitlab,dc=example
+    #
+    group_base: ''
+
+
   ## OmniAuth settings
   omniauth:
     # Allow login via Twitter, Google, etc. using OmniAuth providers

lib/gitlab/ldap.rb

@@ -3,15 +3,24 @@ module Gitlab
     attr_reader :ldap
 
     def initialize
-      @ldap = Net::LDAP.new(
+      options = {
         host: config['host'],
         port: config['port'],
+      }
+
+      auth_options = {
         auth: {
           method: config['method'],
           username: config['bind_dn'],
           password: config['password']
         }
-      )
+      }
+
+      if config['password'] || config['bind_dn']
+        options.merge!(auth_options)
+      end
+
+      @ldap = Net::LDAP.new(options)
     end
 
     # Get LDAP groups from ou=Groups
@@ -23,7 +32,7 @@ module Gitlab
     #
     def groups(cn = "*")
       options = {
-        base: "ou=Groups,#{config['base']}",
+        base: config['group_base'],
         filter: Net::LDAP::Filter.eq("cn", cn)
       }