diff options
| -rw-r--r-- | config/gitlab.yml.example | 6 | ||||
| -rw-r--r-- | config/initializers/1_settings.rb | 1 | ||||
| -rw-r--r-- | lib/gitlab/ldap/access.rb | 4 | ||||
| -rw-r--r-- | spec/lib/gitlab/ldap/access_spec.rb | 15 |
4 files changed, 25 insertions, 1 deletions
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index ad1db4b4f43..131b5d1238d 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -140,6 +140,12 @@ production: &base method: 'ssl' # "tls" or "ssl" or "plain" bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' password: '_the_password_of_the_bind_user' + + # This setting specifies if LDAP server is Active Directory LDAP server. + # For non AD servers it skips the AD specific queries. + # If your LDAP server is not AD, set this to false. + active_directory: true + # If allow_username_or_email_login is enabled, GitLab will ignore everything # after the first '@' in the LDAP username submitted by the user on login. # diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index caf4ef25cdd..0d11ae6f33f 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -57,6 +57,7 @@ end Settings['ldap'] ||= Settingslogic.new({}) Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil? Settings.ldap['allow_username_or_email_login'] = false if Settings.ldap['allow_username_or_email_login'].nil? +Settings.ldap['active_directory'] = true if Settings.ldap['active_directory'].nil? Settings['omniauth'] ||= Settingslogic.new({}) diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb index c054b6f5865..d2235d2e3bc 100644 --- a/lib/gitlab/ldap/access.rb +++ b/lib/gitlab/ldap/access.rb @@ -28,7 +28,9 @@ module Gitlab def allowed?(user) if Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter) - !Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter) + if Gitlab.config.ldap.active_directory + !Gitlab::LDAP::Person.disabled_via_active_directory?(user.extern_uid, adapter) + end else false end diff --git a/spec/lib/gitlab/ldap/access_spec.rb b/spec/lib/gitlab/ldap/access_spec.rb index 2307a03f656..d50f605e050 100644 --- a/spec/lib/gitlab/ldap/access_spec.rb +++ b/spec/lib/gitlab/ldap/access_spec.rb @@ -27,6 +27,21 @@ describe Gitlab::LDAP::Access do it { should be_true } end + + context 'and has no disabled flag in active diretory' do + before { + Gitlab::LDAP::Person.stub(disabled_via_active_directory?: false) + Gitlab.config.ldap['enabled'] = true + Gitlab.config.ldap['active_directory'] = false + } + + after { + Gitlab.config.ldap['enabled'] = false + Gitlab.config.ldap['active_directory'] = true + } + + it { should be_false } + end end end end |