Remove traces from ldab_cn and ldap_access

Also add notes about refactoring the old single-ldap API and LdapGroupResetService

app/controllers/admin/groups_controller.rb

@@ -58,6 +58,6 @@ class Admin::GroupsController < Admin::ApplicationController
   end
 
   def group_params
-    params.require(:group).permit(:name, :description, :path, :avatar, :ldap_cn, :ldap_access)
+    params.require(:group).permit(:name, :description, :path, :avatar)
   end
 end

app/controllers/groups_controller.rb

@@ -163,6 +163,6 @@ class GroupsController < ApplicationController
   end
 
   def group_params
-    params.require(:group).permit(:name, :description, :path, :avatar, :ldap_access, :ldap_cn)
+    params.require(:group).permit(:name, :description, :path, :avatar)
   end
 end

app/models/group.rb

@@ -23,11 +23,6 @@ class Group < Namespace
   has_many :shared_projects, through: :project_group_links, source: :project
   has_many :ldap_group_links, foreign_key: 'group_id'
 
-  validates :ldap_access,
-    inclusion: { in: UsersGroup.group_access_roles.values },
-    presence: true,
-    if: ->(group) { group.ldap_cn.present? }
-
   validate :avatar_type, if: ->(user) { user.avatar_changed? }
   validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
 

app/models/ldap_group_link.rb

@@ -4,6 +4,7 @@ class LdapGroupLink < ActiveRecord::Base
 
   validates :cn, :group_access, :group_id, presence: true
   validates :cn, uniqueness: { scope: :group_id }
+  validates :group_access, inclusion: { in: UsersGroup.group_access_roles.values }
 
   def access_field
     group_access

app/views/groups/members.html.haml

@@ -17,7 +17,7 @@
 
   - if current_user && current_user.can?(:manage_group, @group)
     .pull-right
-      - if ldap_enabled? && @group.ldap_cn.present?
+      - if ldap_enabled? && @group.ldap_group_links.any?
         = link_to reset_access_group_ldap_path(@group), class: 'btn btn-grouped', data: { confirm: "Reset the access level of all other LDAP group team members to '#{@group.human_ldap_access}'?" }, method: :put do
           Reset access
 

app/views/ldap_group_links/_form.html.haml

@@ -4,7 +4,7 @@
       %legend
       %div.form-holder
         .form-group.clearfix
-          = f.label :ldap_cn, class: 'control-label' do
+          = f.label :cn, class: 'control-label' do
             LDAP Group cn
           .col-sm-10
             = f.hidden_field :cn, placeholder: "Ex. QA group", class: "xxlarge ajax-ldap-groups-select input-mn-300"

lib/api/groups.rb

@@ -44,6 +44,7 @@ module API
         authenticated_as_admin!
         required_attributes! [:name, :path]
 
+        # TODO: Refactor to support multi-ldap
         attrs = attributes_for_keys [:name, :path, :ldap_cn, :ldap_access]
         @group = Group.new(attrs)
         @group.owner = current_user

lib/gitlab/ldap/access.rb

@@ -85,14 +85,6 @@ module Gitlab
         end
       end
 
-      # Remove user from GitLab group
-      def remove_user_from_groups(user_id, group_cn)
-        groups = ::Group.where(ldap_cn: group_cn)
-        groups.each do |group|
-          group.users_groups.where(user_id: user_id).destroy_all
-        end
-      end
-
       def update_admin_status(user)
         admin_group = Gitlab::LDAP::Group.find_by_cn(Gitlab.config.ldap['admin_group'], adapter)
         if admin_group.has_member?(Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter))

spec/lib/gitlab/ldap/access_spec.rb

@@ -3,7 +3,6 @@ require 'spec_helper'
 describe Gitlab::LDAP::Access do
   let(:access) { Gitlab::LDAP::Access.new }
   let(:user) { create(:user) }
-  let!(:group) { create(:group, ldap_cn: 'oss', ldap_access: Gitlab::Access::DEVELOPER) }
 
   describe :update_user_email do
     let(:user_ldap) { create(:user, provider: 'ldap', extern_uid: "66048")}

spec/services/ldap_group_reset_service_spec.rb

 require 'spec_helper'
 
 describe LdapGroupResetService do
+  # TODO: refactor to multi-ldap setup
   let(:group) { create(:group, ldap_cn: 'developers', ldap_access: Gitlab::Access::DEVELOPER) }
   let(:user) { create(:user) }
   let(:ldap_user) { create(:user, extern_uid: 'john', provider: 'ldap') }