Commit 86d9a782 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'ee-stable-fix-ldap-check' into '7-4-stable-ee'

Fix ldap check [stable]

See merge request !214
parents 348d03b1 829bd6ff
......@@ -46,7 +46,7 @@ module Gitlab
groups(*args).first
end
def users(field, value)
def users(field, value, limit = nil)
if field.to_sym == :dn
options = {
base: value,
......@@ -69,6 +69,10 @@ module Gitlab
end
end
if limit.present?
options.merge!(size: limit)
end
entries = ldap_search(options).select do |entry|
entry.respond_to? config.uid
end
......
......@@ -664,7 +664,7 @@ namespace :gitlab do
warn_user_is_not_gitlab
start_checking "LDAP"
if ldap_config.enabled
if Gitlab::LDAP::Config.enabled?
print_users(args.limit)
else
puts 'LDAP is disabled in config/gitlab.yml'
......@@ -675,39 +675,19 @@ namespace :gitlab do
def print_users(limit)
puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)"
ldap.search(attributes: attributes, filter: filter, size: limit, return_result: false) do |entry|
puts "DN: #{entry.dn}\t#{ldap_config.uid}: #{entry[ldap_config.uid]}"
end
end
def attributes
[ldap_config.uid]
end
def filter
uid_filter = Net::LDAP::Filter.present?(ldap_config.uid)
if user_filter
Net::LDAP::Filter.join(uid_filter, user_filter)
else
uid_filter
end
end
servers = Gitlab.config.ldap.servers.keys
def user_filter
if ldap_config['user_filter'] && ldap_config.user_filter.present?
Net::LDAP::Filter.construct(ldap_config.user_filter)
else
nil
servers.each do |server|
puts "Server: #{server}"
Gitlab::LDAP::Adapter.open("ldap#{server}") do |adapter|
users = adapter.users(adapter.config.uid, '*', 100)
users.each do |user|
puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
end
end
end
end
def ldap
@ldap ||= OmniAuth::LDAP::Adaptor.new(ldap_config).connection
end
def ldap_config
@ldap_config ||= Gitlab.config.ldap
end
end
# Helper methods
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment