Commit c1cf5f41 authored by Douwe Maan's avatar Douwe Maan

Support simple string LDAP attribute specifications, and search for name...

Support simple string LDAP attribute specifications, and search for name rather than username attributes
parent 75d1283e
---
title: Fix signing in using LDAP when attribute mapping uses simple strings instead
of arrays
merge_request:
author:
type: fixed
...@@ -73,7 +73,7 @@ module Gitlab ...@@ -73,7 +73,7 @@ module Gitlab
private private
def user_options(field, value, limit) def user_options(field, value, limit)
options = { attributes: user_attributes } options = { attributes: Gitlab::LDAP::Person.ldap_attributes(config).compact.uniq }
options[:size] = limit if limit options[:size] = limit if limit
if field.to_sym == :dn if field.to_sym == :dn
...@@ -99,10 +99,6 @@ module Gitlab ...@@ -99,10 +99,6 @@ module Gitlab
filter filter
end end
end end
def user_attributes
%W(#{config.uid} cn dn) + config.attributes['username'] + config.attributes['email']
end
end end
end end
end end
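Review bot: The `.compact.uniq` cleanup sits at the call site in `user_options` rather than in `Gitlab::LDAP::Person.ldap_attributes`. Any other caller of that method would therefore receive a list that can contain `nil` (for example if `config.uid` is unset) or duplicates (for example if `uid` is also listed under `name` or `email`). Ending the array literal in `ldap_attributes` with `].compact.uniq` and reducing this line to `options = { attributes: Gitlab::LDAP::Person.ldap_attributes(config) }` keeps the request list normalised in one place. The body of `user_options` continues outside the hunk, so how `options` is used afterwards is not visible here.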
...@@ -21,6 +21,15 @@ module Gitlab ...@@ -21,6 +21,15 @@ module Gitlab
adapter.dn_matches_filter?(dn, AD_USER_DISABLED) adapter.dn_matches_filter?(dn, AD_USER_DISABLED)
end end
def self.ldap_attributes(config)
[
'dn', # Used in `dn`
config.uid, # Used in `uid`
*config.attributes['name'], # Used in `name`
*config.attributes['email'] # Used in `email`
]
end
def initialize(entry, provider) def initialize(entry, provider)
Rails.logger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" } Rails.logger.debug { "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}" }
@entry = entry @entry = entry
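Review bot: `ldap_attributes` no longer requests the attributes mapped under `username`, which the removed `user_attributes` in the adapter did request. An accessor that still reads `config.attributes['username']` from the entry would silently get nothing back. The Person accessors are outside this hunk, so please confirm that none of them reads an attribute missing from this list. Since the list now bounds what is fetched from the directory for every search, a comment above the method would make that contract explicit, e.g. `# Attributes requested from LDAP; Person accessors may read only these. Mapping values may be a String or an Array.`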
......
...@@ -16,7 +16,7 @@ describe Gitlab::LDAP::Adapter do ...@@ -16,7 +16,7 @@ describe Gitlab::LDAP::Adapter do
expect(adapter).to receive(:ldap_search) do |arg| expect(adapter).to receive(:ldap_search) do |arg|
expect(arg[:filter].to_s).to eq('(uid=johndoe)') expect(arg[:filter].to_s).to eq('(uid=johndoe)')
expect(arg[:base]).to eq('dc=example,dc=com') expect(arg[:base]).to eq('dc=example,dc=com')
expect(arg[:attributes]).to match(%w{uid cn dn uid userid sAMAccountName mail email userPrincipalName}) expect(arg[:attributes]).to match(%w{dn uid cn mail email userPrincipalName})
end.and_return({}) end.and_return({})
adapter.users('uid', 'johndoe') adapter.users('uid', 'johndoe')
...@@ -26,7 +26,7 @@ describe Gitlab::LDAP::Adapter do ...@@ -26,7 +26,7 @@ describe Gitlab::LDAP::Adapter do
expect(adapter).to receive(:ldap_search).with( expect(adapter).to receive(:ldap_search).with(
base: 'uid=johndoe,ou=users,dc=example,dc=com', base: 'uid=johndoe,ou=users,dc=example,dc=com',
scope: Net::LDAP::SearchScope_BaseObject, scope: Net::LDAP::SearchScope_BaseObject,
attributes: %w{uid cn dn uid userid sAMAccountName mail email userPrincipalName}, attributes: %w{dn uid cn mail email userPrincipalName},
filter: nil filter: nil
).and_return({}) ).and_return({})
...@@ -63,7 +63,7 @@ describe Gitlab::LDAP::Adapter do ...@@ -63,7 +63,7 @@ describe Gitlab::LDAP::Adapter do
it 'uses the right uid attribute when non-default' do it 'uses the right uid attribute when non-default' do
stub_ldap_config(uid: 'sAMAccountName') stub_ldap_config(uid: 'sAMAccountName')
expect(adapter).to receive(:ldap_search).with( expect(adapter).to receive(:ldap_search).with(
hash_including(attributes: %w{sAMAccountName cn dn uid userid sAMAccountName mail email userPrincipalName}) hash_including(attributes: %w{dn sAMAccountName cn mail email userPrincipalName})
).and_return({}) ).and_return({})
adapter.users('sAMAccountName', 'johndoe') adapter.users('sAMAccountName', 'johndoe')
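Review bot: None of the three updated expectations exercises the case the commit title describes, an attribute mapping given as a plain string instead of an array. They all run against the default array-valued config, so a regression in the splat handling in `Person.ldap_attributes` would not be caught by these examples. The spec file continues outside the visible hunks, so such a case may exist elsewhere. If it does not, an example that stubs the mapping with string values (presumably something like `stub_ldap_config(attributes: { 'name' => 'cn', 'email' => 'mail' })`) and expects `attributes: %w{dn uid cn mail}` would pin the fix.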
......