Class: Gitlab::Auth::Ldap::Config

Inherits:
Object
  • Object
Defined in:
lib/gitlab/auth/ldap/config.rb

Constant Summary collapse

# Lookup from an encryption setting name to a method symbol. Judging by the
# constant's name these are the values handed to Net::LDAP (TODO confirm at the
# call site). `plain` maps to nil, so no encryption method is selected for it.
# NOTE(review): with `plain`, bind credentials presumably cross the network
# unencrypted; confirm deployments use simple_tls or start_tls.
NET_LDAP_ENCRYPTION_METHOD = { simple_tls: :simple_tls, start_tls: :start_tls, plain: nil }.freeze

# Error class raised by .invalid_provider for a provider name that is not configured.
InvalidProvider = Class.new(StandardError)

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(provider) ⇒ Config

Returns a new instance of Config.



# File 'lib/gitlab/auth/ldap/config.rb', line 69

# Builds the configuration object for one LDAP provider.
#
# The provider name is checked against the configured providers before it is
# stored; an unknown name is passed to .invalid_provider, which raises
# InvalidProvider.
#
# @param provider [String] provider name to load settings for
# @raise [InvalidProvider] when the name is not a configured provider
def initialize(provider)
  known = self.class.valid_provider?(provider)

  @provider = provider if known
  self.class.invalid_provider(provider) unless known

  # Look the settings up with the validated @provider, never the raw argument.
  @options = config_for(@provider)
end

Instance Attribute Details

#optionsObject

Returns the value of attribute options.



# File 'lib/gitlab/auth/ldap/config.rb', line 14

# Reader for the settings object assigned in #initialize from config_for(@provider).
# The accessors of this class index it with string keys.
# NOTE(review): this object also feeds the bind credentials used by
# #omniauth_options; avoid dumping it wholesale into logs.
def options
  @options
end

#providerObject

Returns the value of attribute provider.



# File 'lib/gitlab/auth/ldap/config.rb', line 14

# Reader for the provider name stored by #initialize after it passed valid_provider?.
def provider
  @provider
end

Class Method Details

._available_serversObject



# File 'lib/gitlab/auth/ldap/config.rb', line 40

# Returns an array holding only the first configured server (empty when no
# server is configured). Callers go through .available_servers, which adds the
# enabled? check.
#
# @return [Array]
def self._available_servers
  first_server = servers.first
  Array.wrap(first_server)
end

.available_providersObject



# File 'lib/gitlab/auth/ldap/config.rb', line 48

# Provider names derived from .available_servers, so the list is empty when
# LDAP is disabled (available_servers returns [] in that case).
def self.available_providers
  provider_names_from_servers(available_servers)
end

.available_serversObject



# File 'lib/gitlab/auth/ldap/config.rb', line 34

# Servers usable for authentication: none while LDAP is disabled, otherwise
# whatever ._available_servers returns.
#
# @return [Array]
def self.available_servers
  enabled? ? _available_servers : []
end

.enabled?Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/auth/ldap/config.rb', line 18

# Global LDAP switch, read straight from Gitlab.config.ldap.enabled.
# NOTE(review): the raw setting is returned without coercion; confirm it is
# always true/false.
def self.enabled?
  Gitlab.config.ldap.enabled
end

.encrypted_secretsObject



# File 'lib/gitlab/auth/ldap/config.rb', line 65

# Builds the encrypted-settings handle for the file named by
# Gitlab.config.ldap.secret_file.
# NOTE(review): the file's contents are not visible here, presumably the LDAP
# bind credentials; treat anything read through this object as secret material
# and keep it out of logs and error messages.
def self.encrypted_secrets
  Settings.encrypted(Gitlab.config.ldap.secret_file)
end

.invalid_provider(provider) ⇒ Object

Raises:

  • (InvalidProvider)



# File 'lib/gitlab/auth/ldap/config.rb', line 61

# Always raises InvalidProvider for the given provider name.
#
# The message echoes the rejected name and lists every configured provider.
# NOTE(review): confirm this message is not rendered to unauthenticated users
# or written to logs unescaped, since `provider` is caller-supplied.
#
# @param provider [Object] the rejected provider name
# @raise [InvalidProvider] unconditionally
def self.invalid_provider(provider)
  message = "Unknown provider (#{provider}). Available providers: #{providers}"
  raise InvalidProvider, message
end

.prevent_ldap_sign_in?Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/auth/ldap/config.rb', line 26

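# Reads the prevent_ldap_sign_in setting from Gitlab.config.ldap.
# .sign_in_enabled? treats a truthy value as "LDAP sign-in is switched off".
#
# @return [Boolean] the raw setting, returned without coercion
def self.prevent_ldap_sign_in?
  Gitlab.config.ldap.prevent_ldap_sign_in
end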

.providersObject



# File 'lib/gitlab/auth/ldap/config.rb', line 44

# Provider names derived from every configured server. Unlike
# .available_providers, this list is built from .servers and is therefore not
# gated on enabled?.
def self.providers
  provider_names_from_servers(servers)
end

.serversObject



# File 'lib/gitlab/auth/ldap/config.rb', line 30

# All configured LDAP server entries, or an empty array when no servers
# section is configured.
#
# @return [Array]
def self.servers
  configured = Gitlab.config.ldap.servers
  return [] if configured.nil?

  configured.values || []
end

.sign_in_enabled?Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/auth/ldap/config.rb', line 22

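# Whether users may sign in through LDAP: LDAP must be enabled and the
# prevent_ldap_sign_in setting must not be set.
#
# @return [Boolean]
def self.sign_in_enabled?
  enabled? && !prevent_ldap_sign_in?
end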

.valid_provider?(provider) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/auth/ldap/config.rb', line 57

# Membership test of `provider` against .providers. This is the allowlist
# check #initialize runs before any settings lookup. Because .providers is
# built from all configured servers, the check passes for a configured
# provider even while LDAP is disabled.
#
# @param provider [Object] candidate provider name
# @return [Boolean]
def self.valid_provider?(provider)
  providers.include?(provider)
end

Instance Method Details

#active_directoryObject



# File 'lib/gitlab/auth/ldap/config.rb', line 151

# Raw 'active_directory' setting of this provider (nil when unset).
def active_directory
  options['active_directory']
end

#adapter_optionsObject



# File 'lib/gitlab/auth/ldap/config.rb', line 83

# Connection options for the LDAP adapter: base_options plus the encryption
# settings and ActiveSupport::Notifications as instrumentation service. When
# bind credentials are configured (has_auth?), auth_options is merged in.
#
# NOTE(review): with credentials configured the returned hash carries them;
# do not log or serialize it.
#
# @return [Hash]
def adapter_options
  settings = base_options.merge(
    encryption: encryption_options,
    instrumentation_service: ActiveSupport::Notifications
  )
  return settings unless has_auth?

  settings.merge!(auth_options)
end

#admin_groupObject



# File 'lib/gitlab/auth/ldap/config.rb', line 147

# Raw 'admin_group' setting of this provider (nil when unset).
# NOTE(review): presumably names the LDAP group whose members receive admin
# rights; confirm at the call site, since a wrong value here is a
# privilege-assignment risk.
def admin_group
  options['admin_group']
end

#allow_username_or_email_loginObject



# File 'lib/gitlab/auth/ldap/config.rb', line 179

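# Raw 'allow_username_or_email_login' setting of this provider (nil when
# unset). #name_proc uses it to decide whether the part after `@` is stripped
# from a login name.
def allow_username_or_email_login
  options['allow_username_or_email_login']
end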

#attributesObject



# File 'lib/gitlab/auth/ldap/config.rb', line 159

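# Attribute mapping for this provider: default_attributes with the configured
# 'attributes' section layered on top (configured keys win).
#
# A missing 'attributes' section is treated as empty, so a provider without
# overrides gets the defaults instead of a TypeError from Hash#merge(nil).
#
# @return [Hash]
def attributes
  default_attributes.merge(options['attributes'] || {})
end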

#baseObject



# File 'lib/gitlab/auth/ldap/config.rb', line 114

# Search base DN of this provider, passed through Person.normalize_dn and
# memoized in @base after the first call.
def base
  return @base if @base

  @base = Person.normalize_dn(options['base'])
end

#block_auto_created_usersObject



# File 'lib/gitlab/auth/ldap/config.rb', line 155

# Raw 'block_auto_created_users' setting of this provider (nil when unset).
# NOTE(review): presumably controls whether accounts created on first LDAP
# sign-in start out blocked; confirm how a nil value is treated by the caller.
def block_auto_created_users
  options['block_auto_created_users']
end

#constructed_user_filterObject



# File 'lib/gitlab/auth/ldap/config.rb', line 139

# The configured user filter parsed by Net::LDAP::Filter.construct, memoized
# in @constructed_user_filter. The filter text comes from this provider's
# settings (user_filter), not from request input.
def constructed_user_filter
  return @constructed_user_filter if @constructed_user_filter

  @constructed_user_filter = Net::LDAP::Filter.construct(user_filter)
end

#default_attributesObject



# File 'lib/gitlab/auth/ldap/config.rb', line 199

# Built-in mapping from user fields to the LDAP attribute names tried for
# each. The configured uid attribute is tried first for the username;
# duplicates are dropped.
#
# @return [Hash{String => Array<String>, String}]
def default_attributes
  # Interpolation (not uid itself) keeps the element a fresh String.
  username_candidates = ["#{uid}", 'uid', 'sAMAccountName', 'userid'].uniq

  {
    'username' => username_candidates,
    'email' => ['mail', 'email', 'userPrincipalName'],
    'name' => 'cn',
    'first_name' => 'givenName',
    'last_name' => 'sn'
  }
end

#enabled?Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/auth/ldap/config.rb', line 79

# Instance-level view of the LDAP switch, read from base_config.enabled.
def enabled?
  base_config.enabled
end

#external_groupsObject



# File 'lib/gitlab/auth/ldap/config.rb', line 171

# Configured 'external_groups' list of this provider; an empty array when the
# setting is missing.
#
# @return [Array]
def external_groups
  configured = options['external_groups']
  configured || []
end

#group_baseObject



# File 'lib/gitlab/auth/ldap/config.rb', line 143

# Raw 'group_base' setting of this provider (nil when unset).
def group_base
  options['group_base']
end

#has_auth?Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/auth/ldap/config.rb', line 175

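# Whether bind credentials are configured for this provider.
#
# The result is coerced to a strict boolean so the predicate never hands the
# bind password (or username) itself back to a caller that might log or
# serialize it. An empty string is truthy in Ruby and still counts as
# configured.
#
# @return [Boolean]
def has_auth?
  !!(auth_password || auth_username)
end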

#labelObject



# File 'lib/gitlab/auth/ldap/config.rb', line 122

# Raw 'label' setting of this provider (nil when unset).
def label
  options['label']
end

#lowercase_usernamesObject



# File 'lib/gitlab/auth/ldap/config.rb', line 183

# Raw 'lowercase_usernames' setting of this provider (nil when unset).
def lowercase_usernames
  options['lowercase_usernames']
end

#name_procObject



# File 'lib/gitlab/auth/ldap/config.rb', line 191

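# Proc that maps a submitted login name to the name used for the LDAP lookup.
#
# With allow_username_or_email_login set, everything from `@` to the end of
# the string is removed, so an e-mail style login is reduced to its local
# part. Otherwise the name is passed through unchanged.
# NOTE(review): with stripping enabled, logins that differ only after `@` map
# to the same name; confirm the directory lookup keeps them unambiguous.
#
# @return [Proc]
def name_proc
  if allow_username_or_email_login
    proc { |name| name.gsub(/@.*\z/, '') }
  else
    proc { |name| name }
  end
end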

#omniauth_optionsObject



# File 'lib/gitlab/auth/ldap/config.rb', line 94

# Options handed to the OmniAuth LDAP strategy: base_options plus search base,
# encryption, user filter, name proc and TLS settings. The bind DN and
# password are added when credentials are configured (has_auth?).
#
# NOTE(review): disable_verify_certificates is the negation of
# options['verify_certificates'], so a missing key disables certificate
# verification here; confirm a default of true is applied before this point.
# NOTE(review): with credentials configured the returned hash contains the
# bind password; do not log or serialize it.
#
# @return [Hash]
def omniauth_options
  settings = base_options.merge(
    base: base,
    encryption: options['encryption'],
    filter: omniauth_user_filter,
    name_proc: name_proc,
    disable_verify_certificates: !options['verify_certificates'],
    tls_options: tls_options
  )
  return settings unless has_auth?

  settings.merge!(bind_dn: auth_username, password: auth_password)
end

#retry_empty_result_with_codesObject



# File 'lib/gitlab/auth/ldap/config.rb', line 167

# Configured 'retry_empty_result_with_codes' list; an empty array when the key
# is absent (fetch default).
def retry_empty_result_with_codes
  options.fetch('retry_empty_result_with_codes', [])
end

#sync_nameObject



# File 'lib/gitlab/auth/ldap/config.rb', line 187

# Raw 'sync_name' setting of this provider (nil when unset).
def sync_name
  options['sync_name']
end

#sync_ssh_keysObject

The LDAP attribute in which the ssh keys are stored



# File 'lib/gitlab/auth/ldap/config.rb', line 131

# The LDAP attribute in which the ssh keys are stored, as configured under
# 'sync_ssh_keys' (nil when unset).
# NOTE(review): keys read from this attribute presumably end up as login keys,
# so write access to it in the directory should be restricted; confirm.
def sync_ssh_keys
  options['sync_ssh_keys']
end

#sync_ssh_keys?Boolean

Returns:

  • (Boolean)


# File 'lib/gitlab/auth/ldap/config.rb', line 126

# True when an SSH-key attribute is configured, i.e. sync_ssh_keys is not blank.
#
# @return [Boolean]
def sync_ssh_keys?
  sync_ssh_keys.present?
end

#timeoutObject



# File 'lib/gitlab/auth/ldap/config.rb', line 163

# Configured 'timeout' converted with to_i, so a missing or non-numeric value
# yields 0.
# NOTE(review): how the consumer interprets 0 is not visible here; confirm it
# does not mean "wait indefinitely".
#
# @return [Integer]
def timeout
  options['timeout'].to_i
end

#uidObject



# File 'lib/gitlab/auth/ldap/config.rb', line 118

# Raw 'uid' setting of this provider (nil when unset). default_attributes
# tries this attribute first when resolving the username.
def uid
  options['uid']
end

#user_filterObject



# File 'lib/gitlab/auth/ldap/config.rb', line 135

# Raw 'user_filter' setting of this provider (nil when unset).
# constructed_user_filter parses this string with Net::LDAP::Filter.construct.
def user_filter
  options['user_filter']
end