Add support for nested Active Directory groups

ab37a095 · Jacob Vosmaer · cc768fdd · ab37a095 · ab37a095 · ab37a095
Commit ab37a095 authored Mar 20, 2014 by Jacob Vosmaer
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 1 deletion

CHANGELOG-EE CHANGELOG-EE +1 -0

lib/gitlab/ldap/adapter.rb lib/gitlab/ldap/adapter.rb +4 -0

lib/gitlab/ldap/group.rb lib/gitlab/ldap/group.rb +7 -1

No files found.
--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
 v 6.7.0
  - Improve LDAP sign-in speed by reusing connections
+  - Add support for Active Directory nested LDAP groups

 v 6.5.0
  - Add reset permissions button to Group#members page

--- a/lib/gitlab/ldap/adapter.rb
+++ b/lib/gitlab/ldap/adapter.rb
@@ -106,6 +106,10 @@ module Gitlab
        users(*args).first
      end

+      def dn_matches_filter?(dn, filter)
+        ldap.search(base: dn, filter: filter, attributes: %w{dn}).any?
+      end
+
      private

      def config

--- a/lib/gitlab/ldap/group.rb
+++ b/lib/gitlab/ldap/group.rb
@@ -41,8 +41,10 @@ module Gitlab
      def has_member?(user)
        if memberuid?
          member_uids.include?(user.uid)
+        elsif member_dns.include?(user.dn)
+          true
        else
-          member_dns.include?(user.dn)
+          adapter.dn_matches_filter?(user.dn, active_directory_recursive_memberof_filter)
        end
      end

@@ -61,6 +63,10 @@ module Gitlab

      private

+      def active_directory_recursive_memberof_filter
+        Net::LDAP::Filter.ex("memberOf:1.2.840.113556.1.4.1941", entry.dn)
+      end
+
      def entry
        @entry
      end