Fix merge conflicts

Due to the complicated merge, part of the new functionalilty is inserted here

lib/api/ldap.rb

@@ -10,7 +10,10 @@ module API
       # Example Request:
       #  GET /ldap/groups
       get 'groups' do
-        @groups = Gitlab::LDAP::Adapter.new.groups("#{params[:search]}*", 20)
+        # NOTE: this should be deprecated in favour of /ldap/PROVIDER_NAME/groups
+        # for now we just select the first LDAP server
+        provider = Gitlab::LDAP::Config.servers.first['provider_name']
+        @groups = Gitlab::LDAP::Adapter.new(provider).groups("#{params[:search]}*", 20)
         present @groups, with: Entities::LdapGroup
       end
     end

lib/gitlab/ldap/access.rb

 # LDAP authorization model
 #
 # * Check if we are allowed access (not blocked)
+# * Update authorizations and associations
 #
 module Gitlab
   module LDAP
     class Access
-      attr_reader :adapter, :provider, :user
+      attr_reader :adapter, :provider, :user, :ldap_user
 
       def self.open(user, &block)
         Gitlab::LDAP::Adapter.open(user.provider) do |adapter|
@@ -14,7 +15,7 @@ module Gitlab
       end
 
       def self.allowed?(user)
-        self.open do |access|
+        self.open(user) do |access|
           if access.allowed?
             access.update_permissions
             access.update_email
@@ -52,31 +53,28 @@ module Gitlab
         Gitlab::LDAP::Config.new(provider)
       end
 
-      def get_ldap_user(user)
-        @ldap_user ||= Gitlab::LDAP::Person.find_by_dn(user.extern_uid)
+      def ldap_user
+        @ldap_user ||= Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
       end
 
-      def update_permissions(user)
-        if Gitlab.config.ldap['sync_ssh_keys']
-          update_ssh_keys(user)
+      def update_permissions
+        if sync_ssh_keys?
+          update_ssh_keys
         end
 
         # Skip updating group permissions
         # if instance does not use group_base setting
-        return true unless Gitlab.config.ldap['group_base'].present?
+        return true unless group_base.present?
 
-        update_ldap_group_links(user)
+        update_ldap_group_links
 
-        if Gitlab.config.ldap['admin_group'].present?
-          update_admin_status(user)
+        if admin_group.present?
+          update_admin_status
         end
       end
 
       # Update user ssh keys if they changed in LDAP
-      def update_ssh_keys(user)
-        # Get LDAP user entry
-        ldap_user = get_ldap_user(user)
-
+      def update_ssh_keys
         user.keys.ldap.where.not(key: ldap_user.ssh_keys).each do |deleted_key|
           Rails.logger.info "#{self.class.name}: removing LDAP SSH key #{deleted_key.key} from #{user.name} (#{user.id})"
           unless deleted_key.destroy
@@ -86,7 +84,7 @@ module Gitlab
 
         (ldap_user.ssh_keys - user.keys.ldap.pluck(:key)).each do |key|
           Rails.logger.info "#{self.class.name}: adding LDAP SSH key #{key.inspect} to #{user.name} (#{user.id})"
-          new_key = LDAPKey.new(title: "LDAP - #{Gitlab.config.ldap['sync_ssh_keys']}", key: key)
+          new_key = LDAPKey.new(title: "LDAP - #{ldap_config.sync_ssh_keys}", key: key)
           new_key.user = user
           unless new_key.save
             Rails.logger.error "#{self.class.name}: failed to add LDAP SSH key #{key.inspect} to #{user.name} (#{user.id})\n"\
@@ -96,16 +94,12 @@ module Gitlab
       end
 
       # Update user email if it changed in LDAP
-      def update_email(user)
-        uid = user.extern_uid
-        ldap_user = get_ldap_user(user)
-        gitlab_user = ::User.where(provider: 'ldap', extern_uid: uid).last
-
-        if gitlab_user && ldap_user && ldap_user.email
+      def update_email
+        if ldap_user.try(:email)
           ldap_email = ldap_user.email.last.to_s.downcase
 
-          if (gitlab_user.email != ldap_email)
-            gitlab_user.update(email: ldap_email)
+          if (user.email != ldap_email)
+            user.update(email: ldap_email)
           else
             false
           end
@@ -114,8 +108,8 @@ module Gitlab
         end
       end
 
-      def update_admin_status(user)
-        admin_group = Gitlab::LDAP::Group.find_by_cn(Gitlab.config.ldap['admin_group'], adapter)
+      def update_admin_status
+        admin_group = Gitlab::LDAP::Group.find_by_cn(ldap_config.admin_group, adapter)
         if admin_group.has_member?(Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter))
           unless user.admin?
             user.admin = true
@@ -130,9 +124,9 @@ module Gitlab
       end
 
       # Loop throug all ldap conneted groups, and update the users link with it
-      def update_ldap_group_links(user)
+      def update_ldap_group_links
         gitlab_groups_with_ldap_link.each do |group|
-          active_group_links = group.ldap_group_links.where(cn: cns_with_access(get_ldap_user(user)))
+          active_group_links = group.ldap_group_links.where(cn: cns_with_access)
 
           if active_group_links.any?
             group.add_users([user.id], fetch_group_access(group, user, active_group_links))
@@ -149,12 +143,24 @@ module Gitlab
       end
 
       # returns a collection of cn strings to which the user has access
-      def cns_with_access(ldap_user)
+      def cns_with_access
         @ldap_groups_with_access ||= ldap_groups.select do |ldap_group|
           ldap_group.has_member?(ldap_user)
         end.map(&:cn)
       end
 
+      def sync_ssh_keys?
+        ldap_config.sync_ssh_keys?
+      end
+
+      def group_base
+        ldap_config.group_base
+      end
+
+      def admin_group
+        ldap_config.admin_group
+      end
+
       private
       def gitlab_groups_with_ldap_link
         ::Group.includes(:ldap_group_links).references(:ldap_group_links).

lib/gitlab/ldap/person.rb

@@ -47,9 +47,8 @@ module Gitlab
       end
 
       def ssh_keys
-        ssh_keys_attribute = Gitlab.config.ldap['sync_ssh_keys'].to_sym
-        if entry.respond_to?(ssh_keys_attribute)
-          entry[ssh_keys_attribute]
+        if config.sync_ssh_keys? && entry.respond_to?(config.sync_ssh_keys)
+          entry[config.sync_ssh_keys.to_sym]
         else
           []
         end