Merge branch 'ldap_sync_time_option' into 'master'

Ldap sync time option Related to #147 /cc @sytse @jacobvosmaer @job See merge request !155

Merge branch 'ldap_sync_time_option' into 'master'
Ldap sync time option Related to #147 /cc @sytse @jacobvosmaer @job See merge request !155
64434261 · Dmitriy Zaporozhets · e6871279 · 83a919f9 · 64434261 · 64434261
Commit 64434261 authored Aug 25, 2014 by Dmitriy Zaporozhets
5 changed files
--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
+v 7.3.0
+  - Add an option to change the LDAP sync time from default 1 hour
 v 7.2.0
  - Improve Redmine integration
  - Better logging for the JIRA issue closing service

--- a/VERSION
+++ b/VERSION
-7.2.0.rc5-ee
+7.3.0.pre-ee
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -419,7 +419,7 @@ class User < ActiveRecord::Base
    if !Gitlab.config.ldap.enabled
      false
    elsif ldap_user?
-      !last_credential_check_at || (last_credential_check_at + 1.hour) < Time.now
+      !last_credential_check_at || (last_credential_check_at + Gitlab.config.ldap['sync_time']) < Time.now
    else
      false
    end

--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -134,6 +134,15 @@ production: &base
    method: 'ssl' # "tls" or "ssl" or "plain"
    bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
    password: '_the_password_of_the_bind_user'
+    # This setting controls the amount of time between LDAP permission checks for each user.
+    # After this time has expired for a given user, their next interaction with GitLab (a click in the web UI, a git pull etc.) will be slower because the LDAP permission check is being performed.
+    # How much slower depends on your LDAP setup, but it is not uncommon for this check to add seconds of waiting time.
+    # The default value is to have a 'slow click' once every 3600 seconds, i.e. once per hour.
+    #
+    # Warning: if you set this value too low, every click in GitLab will be a 'slow click' for all of your LDAP users.
+    # sync_time: 3600
    # If allow_username_or_email_login is enabled, GitLab will ignore everything
    # after the first '@' in the LDAP username submitted by the user on login.
    #
@@ -279,9 +288,9 @@ test:
    port: 80
    # When you run tests we clone and setup gitlab-shell
-    # In order to setup it correctly you need to specify 
+    # In order to setup it correctly you need to specify
    # your system username you use to run GitLab
-    # user: YOUR_USERNAME 
+    # user: YOUR_USERNAME
  satellites:
    path: tmp/tests/gitlab-satellites/
  gitlab_shell:

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -57,6 +57,7 @@ end
 Settings['ldap'] ||= Settingslogic.new({})
 Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
 Settings.ldap['allow_username_or_email_login'] = false if Settings.ldap['allow_username_or_email_login'].nil?
+Settings.ldap['sync_time'] = 3600 if Settings.ldap['sync_time'].nil?
 Settings['omniauth'] ||= Settingslogic.new({})