Commit abd6d821 authored by Dmitriy Zaporozhets

Merge branch 'recursive_ldap_groups' into 'master'

Recursive LDAP groups (ActiveDirectory only)
parents f716b2f5 8722d6bd
v 6.7.0 v 6.7.0
- Improve LDAP sign-in speed by reusing connections - Improve LDAP sign-in speed by reusing connections
- Add support for Active Directory nested LDAP groups
v 6.5.0 v 6.5.0
- Add reset permissions button to Group#members page - Add reset permissions button to Group#members page
......
...@@ -63,7 +63,7 @@ module Gitlab ...@@ -63,7 +63,7 @@ module Gitlab
options.merge!(size: size) if size options.merge!(size: size) if size
ldap.search(options).map do |entry| ldap.search(options).map do |entry|
Gitlab::LDAP::Group.new(entry) Gitlab::LDAP::Group.new(entry, self)
end end
end end
...@@ -106,6 +106,10 @@ module Gitlab ...@@ -106,6 +106,10 @@ module Gitlab
users(*args).first users(*args).first
end end
def dn_matches_filter?(dn, filter)
ldap.search(base: dn, filter: filter, attributes: %w{dn}).any?
end
private private
def config def config
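Review bot: `dn_matches_filter?` passes no `scope:` to `ldap.search`, so the lookup is not limited to the entry at `dn`. Net::LDAP searches the whole subtree by default, so an entry beneath the user's DN that satisfies the filter would also make this return true. Because the result decides group membership, pin the search to the base object: `ldap.search(base: dn, filter: filter, scope: Net::LDAP::SearchScope_BaseObject, attributes: %w{dn}).any?`. If `ldap` is a plain Net::LDAP connection (not visible in this hunk), `search` returns nil when the server rejects the query, which seems likely on non-AD servers that do not implement the matching rule, and `.any?` would then raise. Wrapping the call as `Array(ldap.search(...)).any?` would make that path answer false instead.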
......
...@@ -12,9 +12,10 @@ module Gitlab ...@@ -12,9 +12,10 @@ module Gitlab
adapter.group(cn) adapter.group(cn)
end end
def initialize(entry) def initialize(entry, adapter=nil)
Rails.logger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" } Rails.logger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" }
@entry = entry @entry = entry
@adapter = adapter
end end
def cn def cn
...@@ -40,8 +41,10 @@ module Gitlab ...@@ -40,8 +41,10 @@ module Gitlab
def has_member?(user) def has_member?(user)
if memberuid? if memberuid?
member_uids.include?(user.uid) member_uids.include?(user.uid)
elsif member_dns.include?(user.dn)
true
else else
member_dns.include?(user.dn) adapter.dn_matches_filter?(user.dn, active_directory_recursive_memberof_filter)
end end
end end
...@@ -60,6 +63,12 @@ module Gitlab ...@@ -60,6 +63,12 @@ module Gitlab
private private
# We use the ActiveDirectory LDAP_MATCHING_RULE_IN_CHAIN matching rule; see
# http://msdn.microsoft.com/en-us/library/aa746475%28VS.85%29.aspx#code-snippet-5
def active_directory_recursive_memberof_filter
Net::LDAP::Filter.ex("memberOf:1.2.840.113556.1.4.1941", entry.dn)
end
def entry def entry
@entry @entry
end end
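Review bot: `has_member?` now calls `adapter.dn_matches_filter?` in its final branch, but `initialize` defaults `adapter` to nil and no instance-level `adapter` reader appears in these hunks. The `adapter.group(cn)` context line looks like it belongs to a class-level method. A Group built without an adapter would raise for every user who is not a direct member, rather than answering false. Either make the argument required or let the fallback tolerate a missing adapter, e.g. `else @adapter ? @adapter.dn_matches_filter?(user.dn, active_directory_recursive_memberof_filter) : false`. A short comment on `has_member?` would also help, saying that the last branch costs one extra LDAP query per check and only matches on Active Directory. The class body continues outside the hunks, so a reader defined elsewhere would change this.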
......