Class: Gitlab::Auth::Ldap::Config

Inherits:
Object
  • Object
show all
Defined in:
lib/gitlab/auth/ldap/config.rb

Constant Summary collapse

NET_LDAP_ENCRYPTION_METHOD =
{
  simple_tls: :simple_tls,
  start_tls:  :start_tls,
  plain:      nil
}.freeze
InvalidProvider =
Class.new(StandardError)

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(provider) ⇒ Config

Returns a new instance of Config.


56
57
58
59
60
61
62
63
64
# File 'lib/gitlab/auth/ldap/config.rb', line 56

def initialize(provider)
  if self.class.valid_provider?(provider)
    @provider = provider
  else
    self.class.invalid_provider(provider)
  end

  @options = config_for(@provider) # Use @provider, not provider
end

Instance Attribute Details

#optionsObject

Returns the value of attribute options


14
15
16
# File 'lib/gitlab/auth/ldap/config.rb', line 14

def options
  @options
end

#providerObject

Returns the value of attribute provider


14
15
16
# File 'lib/gitlab/auth/ldap/config.rb', line 14

def provider
  @provider
end

Class Method Details

._available_serversObject


40
41
42
# File 'lib/gitlab/auth/ldap/config.rb', line 40

def self._available_servers
  Array.wrap(servers.first)
end

.available_serversObject


34
35
36
37
38
# File 'lib/gitlab/auth/ldap/config.rb', line 34

def self.available_servers
  return [] unless enabled?

  _available_servers
end

.enabled?Boolean

Returns:

  • (Boolean)

18
19
20
# File 'lib/gitlab/auth/ldap/config.rb', line 18

def self.enabled?
  Gitlab.config.ldap.enabled
end

.invalid_provider(provider) ⇒ Object

Raises:


52
53
54
# File 'lib/gitlab/auth/ldap/config.rb', line 52

def self.invalid_provider(provider)
  raise InvalidProvider.new("Unknown provider (#{provider}). Available providers: #{providers}")
end

.prevent_ldap_sign_in?Boolean

Returns:

  • (Boolean)

26
27
28
# File 'lib/gitlab/auth/ldap/config.rb', line 26

def self.prevent_ldap_sign_in?
  Gitlab.config.ldap.
end

.providersObject


44
45
46
# File 'lib/gitlab/auth/ldap/config.rb', line 44

def self.providers
  servers.map { |server| server['provider_name'] }
end

.serversObject


30
31
32
# File 'lib/gitlab/auth/ldap/config.rb', line 30

def self.servers
  Gitlab.config.ldap['servers']&.values || []
end

.sign_in_enabled?Boolean

Returns:

  • (Boolean)

22
23
24
# File 'lib/gitlab/auth/ldap/config.rb', line 22

def self.
  enabled? && !prevent_ldap_sign_in?
end

.valid_provider?(provider) ⇒ Boolean

Returns:

  • (Boolean)

48
49
50
# File 'lib/gitlab/auth/ldap/config.rb', line 48

def self.valid_provider?(provider)
  providers.include?(provider)
end

Instance Method Details

#active_directoryObject


137
138
139
# File 'lib/gitlab/auth/ldap/config.rb', line 137

def active_directory
  options['active_directory']
end

#adapter_optionsObject


70
71
72
73
74
75
76
77
78
# File 'lib/gitlab/auth/ldap/config.rb', line 70

def adapter_options
  opts = base_options.merge(
    encryption: encryption_options
  )

  opts.merge!(auth_options) if has_auth?

  opts
end

#admin_groupObject


133
134
135
# File 'lib/gitlab/auth/ldap/config.rb', line 133

def admin_group
  options['admin_group']
end

#allow_username_or_email_loginObject


161
162
163
# File 'lib/gitlab/auth/ldap/config.rb', line 161

def 
  options['allow_username_or_email_login']
end

#attributesObject


145
146
147
# File 'lib/gitlab/auth/ldap/config.rb', line 145

def attributes
  default_attributes.merge(options['attributes'])
end

#baseObject


100
101
102
# File 'lib/gitlab/auth/ldap/config.rb', line 100

def base
  @base ||= Person.normalize_dn(options['base'])
end

#block_auto_created_usersObject


141
142
143
# File 'lib/gitlab/auth/ldap/config.rb', line 141

def block_auto_created_users
  options['block_auto_created_users']
end

#constructed_user_filterObject


125
126
127
# File 'lib/gitlab/auth/ldap/config.rb', line 125

def constructed_user_filter
  @constructed_user_filter ||= Net::LDAP::Filter.construct(user_filter)
end

#default_attributesObject


177
178
179
180
181
182
183
184
185
# File 'lib/gitlab/auth/ldap/config.rb', line 177

def default_attributes
  {
    'username'    => %W(#{uid} uid sAMAccountName userid).uniq,
    'email'       => %w(mail email userPrincipalName),
    'name'        => 'cn',
    'first_name'  => 'givenName',
    'last_name'   => 'sn'
  }
end

#enabled?Boolean

Returns:

  • (Boolean)

66
67
68
# File 'lib/gitlab/auth/ldap/config.rb', line 66

def enabled?
  base_config.enabled
end

#external_groupsObject


153
154
155
# File 'lib/gitlab/auth/ldap/config.rb', line 153

def external_groups
  options['external_groups'] || []
end

#group_baseObject


129
130
131
# File 'lib/gitlab/auth/ldap/config.rb', line 129

def group_base
  options['group_base']
end

#has_auth?Boolean

Returns:

  • (Boolean)

157
158
159
# File 'lib/gitlab/auth/ldap/config.rb', line 157

def has_auth?
  options['password'] || options['bind_dn']
end

#labelObject


108
109
110
# File 'lib/gitlab/auth/ldap/config.rb', line 108

def label
  options['label']
end

#lowercase_usernamesObject


165
166
167
# File 'lib/gitlab/auth/ldap/config.rb', line 165

def lowercase_usernames
  options['lowercase_usernames']
end

#name_procObject


169
170
171
172
173
174
175
# File 'lib/gitlab/auth/ldap/config.rb', line 169

def name_proc
  if 
    proc { |name| name.gsub(/@.*\z/, '') }
  else
    proc { |name| name }
  end
end

#omniauth_optionsObject


80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# File 'lib/gitlab/auth/ldap/config.rb', line 80

def omniauth_options
  opts = base_options.merge(
    base: base,
    encryption: options['encryption'],
    filter: omniauth_user_filter,
    name_proc: name_proc,
    disable_verify_certificates: !options['verify_certificates'],
    tls_options: tls_options
  )

  if has_auth?
    opts.merge!(
      bind_dn: options['bind_dn'],
      password: options['password']
    )
  end

  opts
end

#sync_ssh_keysObject

The LDAP attribute in which the ssh keys are stored


117
118
119
# File 'lib/gitlab/auth/ldap/config.rb', line 117

def sync_ssh_keys
  options['sync_ssh_keys']
end

#sync_ssh_keys?Boolean

Returns:

  • (Boolean)

112
113
114
# File 'lib/gitlab/auth/ldap/config.rb', line 112

def sync_ssh_keys?
  sync_ssh_keys.present?
end

#timeoutObject


149
150
151
# File 'lib/gitlab/auth/ldap/config.rb', line 149

def timeout
  options['timeout'].to_i
end

#uidObject


104
105
106
# File 'lib/gitlab/auth/ldap/config.rb', line 104

def uid
  options['uid']
end

#user_filterObject


121
122
123
# File 'lib/gitlab/auth/ldap/config.rb', line 121

def user_filter
  options['user_filter']
end