Class: Gitlab::Auth::Ldap::Config
- Inherits:
-
Object
- Object
- Gitlab::Auth::Ldap::Config
- Defined in:
- lib/gitlab/auth/ldap/config.rb
Constant Summary collapse
- NET_LDAP_ENCRYPTION_METHOD =
{ simple_tls: :simple_tls, start_tls: :start_tls, plain: nil }.freeze
- InvalidProvider =
Class.new(StandardError)
Instance Attribute Summary collapse
-
#options ⇒ Object
Returns the value of attribute options.
-
#provider ⇒ Object
Returns the value of attribute provider.
Class Method Summary collapse
- ._available_servers ⇒ Object
- .available_providers ⇒ Object
- .available_servers ⇒ Object
- .enabled? ⇒ Boolean
- .encrypted_secrets ⇒ Object
- .invalid_provider(provider) ⇒ Object
- .prevent_ldap_sign_in? ⇒ Boolean
- .providers ⇒ Object
- .servers ⇒ Object
- .sign_in_enabled? ⇒ Boolean
- .valid_provider?(provider) ⇒ Boolean
Instance Method Summary collapse
- #active_directory ⇒ Object
- #adapter_options ⇒ Object
- #admin_group ⇒ Object
- #allow_username_or_email_login ⇒ Object
- #attributes ⇒ Object
- #base ⇒ Object
- #block_auto_created_users ⇒ Object
- #constructed_user_filter ⇒ Object
- #default_attributes ⇒ Object
- #enabled? ⇒ Boolean
- #external_groups ⇒ Object
- #group_base ⇒ Object
- #has_auth? ⇒ Boolean
-
#initialize(provider) ⇒ Config
constructor
A new instance of Config.
- #label ⇒ Object
- #lowercase_usernames ⇒ Object
- #name_proc ⇒ Object
- #omniauth_options ⇒ Object
- #retry_empty_result_with_codes ⇒ Object
- #sync_name ⇒ Object
-
#sync_ssh_keys ⇒ Object
The LDAP attribute in which the ssh keys are stored.
- #sync_ssh_keys? ⇒ Boolean
- #timeout ⇒ Object
- #uid ⇒ Object
- #user_filter ⇒ Object
Constructor Details
#initialize(provider) ⇒ Config
Returns a new instance of Config.
# File 'lib/gitlab/auth/ldap/config.rb', line 69

# Builds the configuration wrapper for one LDAP provider.
#
# The name is checked against the configured providers before any options
# are looked up; invalid_provider raises InvalidProvider for an unknown name.
#
# @param provider the provider name whose settings should be loaded
# @raise [InvalidProvider] when the name is not among the configured providers
def initialize(provider)
  known = self.class.valid_provider?(provider)
  self.class.invalid_provider(provider) unless known
  @provider = provider if known

  # Look up with the validated ivar, never the raw argument.
  @options = config_for(@provider) # Use @provider, not provider
end
Instance Attribute Details
#options ⇒ Object
Returns the value of attribute options.
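# File 'lib/gitlab/auth/ldap/config.rb', line 14

# Reader for the provider's option set.
#
# The rendered listing printed `def @options end` with the method name
# missing; the name is restored from the attribute heading `#options`.
#
# @return [Object] whatever #initialize stored in @options (the result of
#   config_for)
def options
  @options
end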
#provider ⇒ Object
Returns the value of attribute provider.
# File 'lib/gitlab/auth/ldap/config.rb', line 14

# Reader for the provider name this instance was built for.
#
# @return [Object] the value stored in @provider by #initialize, which only
#   assigns it after valid_provider? accepted the name
def provider
  @provider
end
Class Method Details
._available_servers ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 40

# Returns the first configured server wrapped in an array.
#
# Only `servers.first` is used, so any further configured servers are not
# part of the result. Array.wrap is expected to turn nil into an empty array
# (ActiveSupport behaviour - confirm).
#
# @return [Array] zero or one server entries
def self._available_servers
  first_server = servers.first
  Array.wrap(first_server)
end
.available_providers ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 48

# Provider names for the servers reported by available_servers.
#
# @return [Object] whatever provider_names_from_servers returns for that list
#   (the helper is defined outside this listing)
def self.available_providers
  usable_servers = available_servers
  provider_names_from_servers(usable_servers)
end
.available_servers ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 34

# Servers that may be used right now.
#
# @return [Array] an empty array when LDAP is disabled, otherwise the result
#   of _available_servers
def self.available_servers
  # A disabled integration exposes no servers at all.
  enabled? ? _available_servers : []
end
.enabled? ⇒ Boolean
# File 'lib/gitlab/auth/ldap/config.rb', line 18

# Whether the LDAP integration is switched on globally.
#
# @return [Boolean] the `enabled` flag of Gitlab.config.ldap
def self.enabled?
  ldap_settings = Gitlab.config.ldap
  ldap_settings.enabled
end
.encrypted_secrets ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 65

# Accessor for the encrypted LDAP secrets.
#
# Hands the configured `secret_file` path to Settings.encrypted; what that
# call returns and when decryption happens is not visible in this listing.
#
# @return [Object] the result of Settings.encrypted for the LDAP secret file
def self.encrypted_secrets
  secret_path = Gitlab.config.ldap.secret_file
  Settings.encrypted(secret_path)
end
.invalid_provider(provider) ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 61

# Raises the error used for a provider name that is not configured.
#
# The message embeds the rejected name and the full list of configured
# providers. NOTE(review): if this message can reach an unauthenticated
# client it discloses the provider names - confirm how callers surface it.
#
# @param provider the rejected provider name
# @raise [InvalidProvider] always
def self.invalid_provider(provider)
  message = "Unknown provider (#{provider}). Available providers: #{providers}"
  raise InvalidProvider, message
end
.prevent_ldap_sign_in? ⇒ Boolean
# File 'lib/gitlab/auth/ldap/config.rb', line 26

# Whether interactive sign-in through LDAP is administratively blocked.
#
# @return [Boolean] the `prevent_ldap_sign_in` flag of Gitlab.config.ldap
def self.prevent_ldap_sign_in?
  ldap_settings = Gitlab.config.ldap
  ldap_settings.prevent_ldap_sign_in
end
.providers ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 44

# Provider names for every configured server, enabled or not.
#
# This list is what valid_provider? checks a name against.
#
# @return [Object] whatever provider_names_from_servers returns for `servers`
#   (the helper is defined outside this listing)
def self.providers
  configured_servers = servers
  provider_names_from_servers(configured_servers)
end
.servers ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 30

# All configured LDAP server entries.
#
# @return [Array] the values of Gitlab.config.ldap.servers, or an empty
#   array when no servers section is configured
def self.servers
  configured = Gitlab.config.ldap.servers
  # Safe navigation covers a nil servers section.
  configured&.values || []
end
.sign_in_enabled? ⇒ Boolean
# File 'lib/gitlab/auth/ldap/config.rb', line 22

# Whether users may sign in through LDAP.
#
# Both conditions must hold: the integration is enabled and sign-in has not
# been blocked with prevent_ldap_sign_in.
#
# @return [Boolean] falsy when LDAP is disabled, otherwise the negation of
#   prevent_ldap_sign_in?
def self.sign_in_enabled?
  ldap_on = enabled?
  return ldap_on unless ldap_on

  !prevent_ldap_sign_in?
end
.valid_provider?(provider) ⇒ Boolean
# File 'lib/gitlab/auth/ldap/config.rb', line 57

# Allow-list check for a provider name.
#
# #initialize relies on this to reject names that are not configured before
# any settings are looked up.
#
# @param provider the name to check
# @return [Boolean] true when the name is one of `providers`
def self.valid_provider?(provider)
  known_names = providers
  known_names.include?(provider)
end
Instance Method Details
#active_directory ⇒ Object
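# File 'lib/gitlab/auth/ldap/config.rb', line 151

# Reads the 'active_directory' setting of this provider.
#
# The rendered listing lost the `options` receiver, which left a bare array
# literal; the lookup on the options attribute is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def active_directory
  options['active_directory']
end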
#adapter_options ⇒ Object
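# File 'lib/gitlab/auth/ldap/config.rb', line 83

# Builds the option hash handed to the LDAP adapter.
#
# NOTE(review): the rendered listing dropped every identifier ending in
# "options" (it showed `def opts = .merge( encryption: , ...` and
# `opts.merge!()`). The method name comes from the page heading; base_options,
# encryption_options and auth_options are restored from the upstream file and
# should be confirmed against lib/gitlab/auth/ldap/config.rb.
#
# @return [Object] the merged options; bind credentials are merged in only
#   when #has_auth? is truthy
def adapter_options
  opts = base_options.merge(
    encryption: encryption_options,
    instrumentation_service: ActiveSupport::Notifications
  )

  # Without configured credentials no auth section is added to the options.
  opts.merge!(auth_options) if has_auth?

  opts
end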
#admin_group ⇒ Object
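# File 'lib/gitlab/auth/ldap/config.rb', line 147

# Reads the 'admin_group' setting of this provider.
#
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def admin_group
  options['admin_group']
end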
#allow_username_or_email_login ⇒ Object
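# File 'lib/gitlab/auth/ldap/config.rb', line 179

# Reads the 'allow_username_or_email_login' setting of this provider.
#
# #name_proc uses this flag to decide whether everything from the first "@"
# onward is stripped from a submitted login name.
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def allow_username_or_email_login
  options['allow_username_or_email_login']
end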
#attributes ⇒ Object
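# File 'lib/gitlab/auth/ldap/config.rb', line 159

# Attribute mapping for this provider: the defaults overlaid with the
# configured 'attributes' entry.
#
# The rendered listing lost the `options` receiver; it is restored here.
# NOTE(review): merge raises TypeError for a nil argument, so this relies on
# 'attributes' always being present in the options - confirm.
#
# @return [Hash] default_attributes with configured entries taking precedence
def attributes
  default_attributes.merge(options['attributes'])
end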
#base ⇒ Object
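# File 'lib/gitlab/auth/ldap/config.rb', line 114

# Search base of this provider, passed through Person.normalize_dn.
#
# The value is memoised in @base. Person.normalize_dn is defined outside this
# listing, so the normalisation it applies is not visible here.
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object] the normalised 'base' setting
def base
  @base ||= Person.normalize_dn(options['base'])
end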
#block_auto_created_users ⇒ Object
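# File 'lib/gitlab/auth/ldap/config.rb', line 155

# Reads the 'block_auto_created_users' setting of this provider.
#
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def block_auto_created_users
  options['block_auto_created_users']
end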
#constructed_user_filter ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 139

# Parsed form of the configured user filter, memoised after the first call.
#
# The filter text comes from #user_filter (provider configuration), not from
# the login form.
#
# @return [Object] the result of Net::LDAP::Filter.construct for #user_filter
def constructed_user_filter
  return @constructed_user_filter if @constructed_user_filter

  @constructed_user_filter = Net::LDAP::Filter.construct(user_filter)
end
#default_attributes ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 199

# Built-in mapping from user fields to LDAP attribute names.
#
# The configured uid attribute is tried first for the username; `uniq` drops
# the duplicate when it equals one of the fixed candidates.
#
# @return [Hash{String => Array<String>, String}] field name to attribute
#   name or candidate list
def default_attributes
  username_candidates = %W[#{uid} uid sAMAccountName userid].uniq
  email_candidates = %w[mail email userPrincipalName]

  {
    'username' => username_candidates,
    'email' => email_candidates,
    'name' => 'cn',
    'first_name' => 'givenName',
    'last_name' => 'sn'
  }
end
#enabled? ⇒ Boolean
# File 'lib/gitlab/auth/ldap/config.rb', line 79

# Whether LDAP is enabled, read through this instance's base_config.
#
# base_config is defined outside this listing.
#
# @return [Boolean] the `enabled` flag of base_config
def enabled?
  settings = base_config
  settings.enabled
end
#external_groups ⇒ Object
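# File 'lib/gitlab/auth/ldap/config.rb', line 171

# Reads the 'external_groups' setting of this provider.
#
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object] the configured value, or an empty array when it is unset
def external_groups
  options['external_groups'] || []
end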
#group_base ⇒ Object
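# File 'lib/gitlab/auth/ldap/config.rb', line 143

# Reads the 'group_base' setting of this provider.
#
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def group_base
  options['group_base']
end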
#has_auth? ⇒ Boolean
# File 'lib/gitlab/auth/ldap/config.rb', line 175

# Whether bind credentials are configured for this provider.
#
# The result is the first truthy credential value itself (the password when
# one is set), not a strict boolean. Use it only for its truthiness and keep
# it out of logs.
#
# @return [Object, nil] truthy when a bind password or bind username is set
def has_auth?
  secret = auth_password
  return secret if secret

  auth_username
end
#label ⇒ Object
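# File 'lib/gitlab/auth/ldap/config.rb', line 122

# Reads the 'label' setting of this provider.
#
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def label
  options['label']
end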
#lowercase_usernames ⇒ Object
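# File 'lib/gitlab/auth/ldap/config.rb', line 183

# Reads the 'lowercase_usernames' setting of this provider.
#
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def lowercase_usernames
  options['lowercase_usernames']
end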
#name_proc ⇒ Object
# File 'lib/gitlab/auth/ldap/config.rb', line 191

# Returns the proc that normalises a submitted login name.
#
# With allow_username_or_email_login set, everything from the first "@" to
# the end of the string is removed, so logins that differ only in their
# domain part collapse to the same name. Because "." does not match a
# newline, a name with a line break after the "@" is not stripped at that
# "@". Otherwise the name is passed through unchanged.
#
# @return [Proc] a one-argument proc returning the name to look up
def name_proc
  return proc { |name| name } unless allow_username_or_email_login

  proc { |name| name.gsub(/@.*\z/, '') }
end
#omniauth_options ⇒ Object
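# File 'lib/gitlab/auth/ldap/config.rb', line 94

# Builds the option hash for the OmniAuth LDAP strategy.
#
# NOTE(review): the rendered listing dropped every identifier ending in
# "options" (the method name, the merge receiver, the receivers of the two
# hash lookups and the tls_options value). The method name comes from the
# page heading and `options` from the documented attribute; base_options and
# tls_options are restored from the upstream file and should be confirmed
# against lib/gitlab/auth/ldap/config.rb.
#
# @return [Object] the merged options; bind_dn and password are included
#   only when #has_auth? is truthy
def omniauth_options
  opts = base_options.merge(
    base: base,
    encryption: options['encryption'],
    filter: omniauth_user_filter,
    name_proc: name_proc,
    # A missing or nil 'verify_certificates' negates to true here, i.e.
    # verification is switched off unless the key is explicitly truthy.
    # Presumably a default is applied where the settings are loaded -
    # confirm, since an unverified TLS session cannot authenticate the
    # directory server.
    disable_verify_certificates: !options['verify_certificates'],
    tls_options: tls_options
  )

  if has_auth?
    # The bind password travels in this hash; keep it out of logs and
    # error reports.
    opts.merge!(
      bind_dn: auth_username,
      password: auth_password
    )
  end

  opts
end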
#retry_empty_result_with_codes ⇒ Object
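# File 'lib/gitlab/auth/ldap/config.rb', line 167

# Reads the 'retry_empty_result_with_codes' setting of this provider.
#
# The rendered listing lost the `options` receiver, leaving a dangling
# `.fetch(...)`; it is restored here.
#
# @return [Object] the configured value, or an empty array when the key is
#   absent
def retry_empty_result_with_codes
  options.fetch('retry_empty_result_with_codes', [])
end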
#sync_name ⇒ Object
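# File 'lib/gitlab/auth/ldap/config.rb', line 187

# Reads the 'sync_name' setting of this provider.
#
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def sync_name
  options['sync_name']
end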
#sync_ssh_keys ⇒ Object
The LDAP attribute in which the ssh keys are stored
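# File 'lib/gitlab/auth/ldap/config.rb', line 131

# The LDAP attribute in which the ssh keys are stored.
#
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured 'sync_ssh_keys' value, nil when the
#   key is unset (assuming options behaves like a Hash)
def sync_ssh_keys
  options['sync_ssh_keys']
end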
#sync_ssh_keys? ⇒ Boolean
# File 'lib/gitlab/auth/ldap/config.rb', line 126

# Whether an LDAP attribute for ssh keys is configured.
#
# @return [Boolean] the result of `present?` on #sync_ssh_keys
def sync_ssh_keys?
  key_attribute = sync_ssh_keys
  key_attribute.present?
end
#timeout ⇒ Object
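# File 'lib/gitlab/auth/ldap/config.rb', line 163

# Reads the 'timeout' setting of this provider as an integer.
#
# nil.to_i is 0, so an unset timeout is reported as 0; how the consumer
# treats 0 is not visible in this listing.
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Integer] the configured timeout converted with to_i
def timeout
  options['timeout'].to_i
end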
#uid ⇒ Object
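# File 'lib/gitlab/auth/ldap/config.rb', line 118

# Reads the 'uid' setting of this provider.
#
# #default_attributes places this value first among the username attribute
# candidates.
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def uid
  options['uid']
end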
#user_filter ⇒ Object
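# File 'lib/gitlab/auth/ldap/config.rb', line 135

# Reads the raw 'user_filter' setting of this provider.
#
# #constructed_user_filter hands this value to Net::LDAP::Filter.construct.
# The rendered listing lost the `options` receiver; it is restored here.
#
# @return [Object, nil] the configured value, nil when the key is unset
#   (assuming options behaves like a Hash)
def user_filter
  options['user_filter']
end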