-rw-r--r--lib/gitlab/auth.rb19
-rw-r--r--lib/gitlab/backend/grack_ldap.rb24
-rw-r--r--lib/gitlab/ldap/user.rb25
3 files changed, 28 insertions, 40 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 5f4b6c22c2c..34e25bc9ccb 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -66,23 +66,12 @@ module Gitlab
Gitlab::AppLogger
end
- def ldap_auth(login, password)
- # Check user against LDAP backend if user is not authenticated
- # Only check with valid login and password to prevent anonymous bind results
- return nil unless ldap_conf.enabled && !login.blank? && !password.blank?
-
- ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
- ldap_user = ldap.bind_as(
- filter: Net::LDAP::Filter.eq(ldap.uid, login),
- size: 1,
- password: password
- )
-
- User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap') if ldap_user
- end
-
def ldap_conf
@ldap_conf ||= Gitlab.config.ldap
end
+
+ def ldap_auth(login, password)
+ Gitlab::LDAP::User.auth(login, password)
+ end
end
end
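Review bot: The new `ldap_auth` wrapper has no comment stating its return contract, and after this change callers get `nil` for four different outcomes decided in `Gitlab::LDAP::User.auth`: LDAP disabled, blank credentials, a failed bind, and a successful bind with no matching local account. I would add above the method `# Returns the local User bound to the LDAP DN, or nil (LDAP disabled, blank credentials, bind failed, or no matching account).`. The memoized `ldap_conf` kept just above is no longer read by `ldap_auth`; if nothing else in this module uses it (the rest of the module is outside the hunk), it can be dropped so there is a single source for the LDAP config.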
diff --git a/lib/gitlab/backend/grack_ldap.rb b/lib/gitlab/backend/grack_ldap.rb
deleted file mode 100644
index 45e98fbac1e..00000000000
--- a/lib/gitlab/backend/grack_ldap.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-require 'omniauth-ldap'
-
-module Grack
- module LDAP
- def ldap_auth(login, password)
- # Check user against LDAP backend if user is not authenticated
- # Only check with valid login and password to prevent anonymous bind results
- return nil unless ldap_conf.enabled && !login.blank? && !password.blank?
-
- ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
- ldap_user = ldap.bind_as(
- filter: Net::LDAP::Filter.eq(ldap.uid, login),
- size: 1,
- password: password
- )
-
- User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap') if ldap_user
- end
-
- def ldap_conf
- @ldap_conf ||= Gitlab.config.ldap
- end
- end
-end
diff --git a/lib/gitlab/ldap/user.rb b/lib/gitlab/ldap/user.rb
index a7a11e5a640..fe4a93f3fe7 100644
--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -9,7 +9,7 @@ module Gitlab
class << self
def find(uid, email)
# Look for user with ldap provider and same uid
- user = model.ldap.where(extern_uid: uid).last
+ user = find_by_uid(uid)
return user if user
# Look for user with same emails
@@ -61,6 +61,25 @@ module Gitlab
user
end
+ def find_by_uid(uid)
+ model.ldap.where(extern_uid: uid).last
+ end
+
+ def auth(login, password)
+ # Check user against LDAP backend if user is not authenticated
+ # Only check with valid login and password to prevent anonymous bind results
+ return nil unless ldap_conf.enabled && login.present? && password.present?
+
+ ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
+ ldap_user = ldap.bind_as(
+ filter: Net::LDAP::Filter.eq(ldap.uid, login),
+ size: 1,
+ password: password
+ )
+
+ find_by_uid(ldap_user.dn) if ldap_user
+ end
+
private
def uid(auth)
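Review bot: In `auth`, `login` is passed to `Net::LDAP::Filter.eq(ldap.uid, login)` unescaped, and `eq` interprets `*` in the value as a wildcard rather than a literal, so the submitted login partly controls the search filter. The line is carried over unchanged from the removed `ldap_auth` copies, but now that there is one implementation this is the place to fix it: `filter: Net::LDAP::Filter.eq(ldap.uid, Net::LDAP::Filter.escape(login)),` if the bundled net-ldap provides `escape` (or use `Filter.equals`, which escapes the value itself). Because `size: 1` makes the bind run against whichever entry the directory returns first, the filter needs to match exactly one uid for the result to mean "this login authenticated". A spec asserting that a login containing `*` or parentheses returns `nil` would keep this from regressing.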
@@ -86,6 +105,10 @@ module Gitlab
def model
::User
end
+
+ def ldap_conf
+ Gitlab.config.ldap
+ end
end
end
end