summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDrew Blessing <drew@blessing.io>2019-05-17 15:26:15 -0500
committerDrew Blessing <drew@blessing.io>2019-06-21 05:49:56 -0500
commit05d5504d072fa1a1c222e94b21e483ba28cbe666 (patch)
treed71b107855b213fb87fa64032b78808ef23b4983 /lib
parentc10bde1ff088d0b744ce98b28ee6faa16b0eda34 (diff)
downloadgitlab-ce-05d5504d072fa1a1c222e94b21e483ba28cbe666.tar.gz
Sanitize LDAP output in Rake tasks
The various LDAP check Rake tasks have long supported a SANITIZE environment variable. When present, identifiable information is obscured such as user names and project/group names. Until now, the LDAP check did not honor this. Now it will only say how many users were found. This should at least give the indication that the LDAP configuration found something, but will not leak what it is. Resolves #56131
Diffstat (limited to 'lib')
-rw-r--r--lib/system_check/ldap_check.rb9
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/system_check/ldap_check.rb b/lib/system_check/ldap_check.rb
index 619fb3cccb8..938026424ed 100644
--- a/lib/system_check/ldap_check.rb
+++ b/lib/system_check/ldap_check.rb
@@ -33,8 +33,13 @@ module SystemCheck
$stdout.puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)"
users = adapter.users(adapter.config.uid, '*', limit)
- users.each do |user|
- $stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
+
+ if should_sanitize?
+ $stdout.puts "\tUser output sanitized. Found #{users.length} users of #{limit} limit."
+ else
+ users.each do |user|
+ $stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
+ end
end
end
rescue Net::LDAP::ConnectionRefusedError, Errno::ECONNREFUSED => e