Merge branch 'ldap-block_auto_created_users' into 'master'

Add config var to block auto-created LDAP users.

Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2110.

See merge request !522

2 files changed, 12 insertions, 2 deletions

diff --git a/lib/gitlab/ldap/config.rb b/lib/gitlab/ldap/config.rb
index fa5b6c1e230..d2ffa2e1fe8 100644
--- a/lib/gitlab/ldap/config.rb
+++ b/lib/gitlab/ldap/config.rb
@@ -80,6 +80,10 @@ module Gitlab
         options['active_directory']
       end
 
+      def block_auto_created_users
+        options['block_auto_created_users']
+      end
+
       protected
       def base_config
         Gitlab.config.ldap
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index d054014039a..f7f3ba9ad7d 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -39,6 +39,8 @@ module Gitlab
       end
 
       def update_user_attributes
+        return unless persisted?
+
         gl_user.skip_reconfirmation!
         gl_user.email = auth_hash.email
 
@@ -53,13 +55,17 @@ module Gitlab
         gl_user.changed? || gl_user.identities.any?(&:changed?)
       end
 
-      def needs_blocking?
-        false
+      def block_after_signup?
+        ldap_config.block_auto_created_users
       end
 
       def allowed?
         Gitlab::LDAP::Access.allowed?(gl_user)
       end
+
+      def ldap_config
+        Gitlab::LDAP::Config.new(auth_hash.provider)
+      end
     end
   end
 end