Commit da86eace authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'sync_ldap_members' into ee-master

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Conflicts:
	CHANGELOG-EE
parents 62ace459 5135b382
v 7.5.0 v 7.5.0
- Added an ability to check each author commit's email by regex - Added an ability to check each author commit's email by regex
- Added an abulity to restrict commit authors to existing Gitlab users - Added an abulity to restrict commit authors to existing Gitlab users
- Add an option for automatic daily LDAP user sync
v 7.4.0 v 7.4.0
- Support for multiple LDAP servers - Support for multiple LDAP servers
......
...@@ -114,6 +114,7 @@ gem "acts-as-taggable-on" ...@@ -114,6 +114,7 @@ gem "acts-as-taggable-on"
gem 'slim' gem 'slim'
gem 'sinatra', require: nil gem 'sinatra', require: nil
gem 'sidekiq', '2.17.0' gem 'sidekiq', '2.17.0'
gem 'sidetiq', '0.6.1'
# HTTP requests # HTTP requests
gem "httparty" gem "httparty"
......
...@@ -252,6 +252,7 @@ GEM ...@@ -252,6 +252,7 @@ GEM
multi_xml (>= 0.5.2) multi_xml (>= 0.5.2)
httpauth (0.2.1) httpauth (0.2.1)
i18n (0.6.11) i18n (0.6.11)
ice_cube (0.12.1)
ice_nine (0.10.0) ice_nine (0.10.0)
jasmine (2.0.2) jasmine (2.0.2)
jasmine-core (~> 2.0.0) jasmine-core (~> 2.0.0)
...@@ -477,6 +478,10 @@ GEM ...@@ -477,6 +478,10 @@ GEM
json json
redis (>= 3.0.4) redis (>= 3.0.4)
redis-namespace (>= 1.3.1) redis-namespace (>= 1.3.1)
sidetiq (0.6.1)
celluloid (>= 0.14.1)
ice_cube (~> 0.12.0)
sidekiq (>= 2.16.0)
simple_oauth (0.1.9) simple_oauth (0.1.9)
simplecov (0.9.0) simplecov (0.9.0)
docile (~> 1.1.0) docile (~> 1.1.0)
...@@ -686,6 +691,7 @@ DEPENDENCIES ...@@ -686,6 +691,7 @@ DEPENDENCIES
settingslogic settingslogic
shoulda-matchers (~> 2.1.0) shoulda-matchers (~> 2.1.0)
sidekiq (= 2.17.0) sidekiq (= 2.17.0)
sidetiq (= 0.6.1)
simplecov simplecov
sinatra sinatra
six six
......
class LdapSyncWorker
include Sidekiq::Worker
include Sidetiq::Schedulable
if Gitlab.config.ldap.enabled
HOUR = Gitlab.config.ldap.schedule_sync_hour
MINUTE = Gitlab.config.ldap.schedule_sync_minute
recurrence { daily.hour_of_day(HOUR).minute_of_hour(MINUTE) }
end
def perform
Rails.logger.info "Performing daily LDAP sync task."
User.ldap.find_each(batch_size: 100).each do |ldap_user|
Rails.logger.debug "Syncing user #{ldap_user.username}, #{ldap_user.email}"
Gitlab::LDAP::Access.allowed?(ldap_user)
end
end
end
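Review bot: In `perform`, nothing isolates one user's failure from the rest of the run: if `Gitlab::LDAP::Access.allowed?` raises for a single account (say the directory is unreachable, which is not visible here), the loop stops and every remaining LDAP user keeps its current state until a retry or the next daily run. Since this job appears to be what withdraws access from accounts that were removed from LDAP, I would rescue per user, keep going, and log how many users failed at the end. The `.each` after `find_each(batch_size: 100)` is redundant, as the block can be passed to `find_each` directly. The debug line also writes every username together with its e-mail address to the log; the username alone is enough to trace a sync.

```ruby
def perform
  Rails.logger.info "Performing daily LDAP sync task."
  failed = 0
  User.ldap.find_each(batch_size: 100) do |ldap_user|
    begin
      Rails.logger.debug "Syncing user #{ldap_user.username}"
      Gitlab::LDAP::Access.allowed?(ldap_user)
    rescue StandardError => e
      # One broken entry must not stop the remaining users from being checked.
      failed += 1
      Rails.logger.error "LDAP sync failed for #{ldap_user.username}: #{e.class}"
    end
  end
  Rails.logger.warn "LDAP sync finished with #{failed} failed users." if failed > 0
end
```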
...@@ -135,6 +135,14 @@ production: &base ...@@ -135,6 +135,14 @@ production: &base
# bundle exec rake gitlab:ldap:check RAILS_ENV=production # bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap: ldap:
enabled: false enabled: false
# GitLab EE only.
# In addition to refreshing users when they log in,
# enabling this setting will refresh LDAP user membership once a day.
# Default time of the day when this will happen is at 1:30am server time.
schedule_sync_hour: 1 # Hour of the day. Value from 0-23.
schedule_sync_minute: 30 # Minute of the hour. Value from 0-59.
servers: servers:
main: # 'main' is the GitLab 'provider ID' of this LDAP server main: # 'main' is the GitLab 'provider ID' of this LDAP server
## label ## label
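Review bot: The added comment says "enabling this setting will refresh LDAP user membership once a day", but the two keys below it only choose a time. Judging by the worker and the initializer in this commit, the daily run is scheduled whenever `ldap.enabled` is true, with 1:30 as the default, so an administrator reading this could wrongly assume the sync is opt-in. I would reword it to `# When LDAP is enabled, user membership is also refreshed once a day at the time set below (server local time, default 1:30am).` The `servers:` block continues outside the hunk.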
......
...@@ -56,6 +56,8 @@ end ...@@ -56,6 +56,8 @@ end
Settings['ldap'] ||= Settingslogic.new({}) Settings['ldap'] ||= Settingslogic.new({})
Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil? Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
Settings.ldap['sync_time'] = 3600 if Settings.ldap['sync_time'].nil? Settings.ldap['sync_time'] = 3600 if Settings.ldap['sync_time'].nil?
Settings.ldap['schedule_sync_hour'] = 1 if Settings.ldap['schedule_sync_hour'].nil?
Settings.ldap['schedule_sync_minute'] = 30 if Settings.ldap['schedule_sync_minute'].nil?
# backwards compatibility, we only have one host # backwards compatibility, we only have one host
if Settings.ldap['enabled'] || Rails.env.test? if Settings.ldap['enabled'] || Rails.env.test?
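Review bot: The two new defaults only cover a missing key; a value that is present but wrong (hour 24, a negative minute, a quoted string) is passed unchecked into the worker's `recurrence` block when the class loads. How the scheduler treats such a value is not visible here, so the daily sync could run at an unintended time, or not at all, without anyone noticing. I would validate at boot right after these lines, e.g. `raise "ldap.schedule_sync_hour must be 0-23" unless (0..23).cover?(Settings.ldap['schedule_sync_hour'])`, and the same for the minute with `(0..59)`. The `if` that follows continues outside the hunk.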
......