path: root/lib/gitlab/ldap
Commit message | Author | Age | Files | Lines
* Support simple string LDAP attribute specifications, and search for name rather than username attributes [dm-ldap-adapter-attributes] | Douwe Maan | 2017-08-23 | 2 | -5/+10
* Merge branch 'rs-more-public-send-whitelists' into 'master' | Rémy Coutable | 2017-08-16 | 1 | -2/+2
|\  Whitelist or fix additional `Gitlab/PublicSend` cop violations
| |
| | See merge request !13467
| * Whitelist or fix additional `Gitlab/PublicSend` cop violations [rs-more-public-send-whitelists] | Robert Speicher | 2017-08-14 | 1 | -2/+2
| | An upcoming update to rubocop-gitlab-security added additional violations.
* | Enable Layout/TrailingWhitespace cop and auto-correct offenses | Robert Speicher | 2017-08-15 | 1 | -1/+1
|/
* Pass OmniAuth formatted options to OmniAuth::LDAP::Adaptor [dm-ldap-authentication-ssl-verification] | Douwe Maan | 2017-07-31 | 1 | -1/+1
|
* Backport some recent changes related to LDAP from EE [backport-2844-ldap-ee-license-checks] | Rubén Dávila | 2017-07-27 | 1 | -0/+6
|
* Use LDAP-attributes configured in gitlab.yml in lookup instead of just hard-coded attributes. | Casper | 2017-07-26 | 1 | -1/+1
|
* Fix plain LDAP (no encryption) | Michael Kozono | 2017-07-26 | 1 | -3/+6
|
* Fix code style | Michael Kozono | 2017-07-26 | 1 | -5/+5
|
* Move backwards compatibility logic out of the code | Michael Kozono | 2017-07-26 | 1 | -5/+1
| And closer to the configuration setup. The code doesn’t need to know about this.
* Pass configured `ssl_version` to `omniauth-ldap` | Michael Kozono | 2017-07-26 | 1 | -0/+2
|
* Pass configured `ca_file` to `omniauth-ldap` | Michael Kozono | 2017-07-26 | 1 | -0/+1
|
* Verify certificates in `omniauth-ldap` | Michael Kozono | 2017-07-26 | 1 | -1/+2
|
* Set `Net::LDAP` `ssl_version` option | Michael Kozono | 2017-07-26 | 1 | -0/+1
|
* Set `Net::LDAP` `ca_file` option | Michael Kozono | 2017-07-26 | 1 | -5/+15
|
* Set `Net::LDAP` encryption properly | Michael Kozono | 2017-07-26 | 1 | -8/+26
|
* Use encryption instead of method | Michael Kozono | 2017-07-26 | 1 | -2/+2
| The method key is deprecated in the `gitlab_omniauth-ldap` gem.
* Fix setting `last_credential_check` on LDAP-login [bvl-fix-ldap-login] | Bob Van Landuyt | 2017-06-28 | 1 | -1/+1
|
* refactor update user service not to do auth checks | James Lopez | 2017-06-23 | 1 | -1/+1
|
* more refactoring based on feedback | James Lopez | 2017-06-23 | 1 | -2/+1
|
* added service in the rest of controllers and classes | James Lopez | 2017-06-23 | 1 | -1/+2
|
* Enable Style/DotPosition Rubocop :cop: | Grzegorz Bizon | 2017-06-21 | 1 | -3/+3
|
* Sync email address from specified omniauth provider | Robin Bobbitt | 2017-06-07 | 1 | -9/+4
|
* Enable the Style/TrailingCommaInArguments cop | Rémy Coutable | 2017-05-10 | 1 | -1/+1
| Use the EnforcedStyleForMultiline: no_comma option.
|
| Signed-off-by: Rémy Coutable <remy@rymai.me>
* Enable Style/Proc cop for rubocop | mhasbini | 2017-04-02 | 1 | -2/+2
|
* Remove explicit `require` calls, and use `require_dependency` when needed [29389-fix-already-initialized-constants] | Rémy Coutable | 2017-03-13 | 1 | -2/+0
| See http://guides.rubyonrails.org/autoloading_and_reloading_constants.html for more info.
|
| Signed-off-by: Rémy Coutable <remy@rymai.me>
* Revert "Prefer leading style for Style/DotPosition" | Douwe Maan | 2017-02-23 | 1 | -3/+3
| This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.
* Enable Rails/Delegate | Douwe Maan | 2017-02-23 | 1 | -3/+1
|
* Prefer leading style for Style/DotPosition | Douwe Maan | 2017-02-23 | 1 | -3/+3
|
* Fix Rubocop offenses in LDAP related code and spec | Grzegorz Bizon | 2017-01-10 | 1 | -2/+2
|
* Merge branch 'feature/log-ldap-to-application-log' into 'master' | Rémy Coutable | 2017-01-09 | 1 | -4/+22
|\  Log LDAP blocking/unblocking events to application log
| |
| | See merge request !8042
| * fixup! Log messages when blocking/unblocking LDAP accounts | Markus Koller | 2016-12-20 | 1 | -1/+1
| |
| * Log messages when blocking/unblocking LDAP accounts | Markus Koller | 2016-12-20 | 1 | -4/+22
| |
* | LDAP attributes needs default values | Drew Blessing | 2017-01-06 | 3 | -7/+15
| |
* | Gitlab::LDAP::Person uses LDAP attributes configuration | Drew Blessing | 2017-01-03 | 1 | -2/+17
|/
| We allow users to configure LDAP attribute preferences. For example, email can be configured to use `mail`, `email` and `userPrincipalName`, falling through to the next until a value is found. Prior to this change, Gitlab::LDAP::Person did not honor this configuration. Now, the class will honor `name` and `mail` configuration. It does not handle `username`, or fallback to `first_name` + `last_name` in the absence of `name`.
* Centralize LDAP config/filter logic | Drew Blessing | 2016-11-11 | 3 | -14/+61
| Centralize all LDAP config logic in `GitLab::LDAP::Config`. Previously, some logic was in the Devise initializer and it was not honoring the `user_filter`. If a user outside the configured `user_filter` signed in, an account would be created but they would then be denied access. Now that logic is centralized, the filter is honored and users outside the filter are never created.
* Introduce better credential and error checking to `rake gitlab:ldap:check` | Drew Blessing | 2016-11-08 | 1 | -4/+4
| It was previously possible for invalid credential errors to go unnoticed in this task. Users would believe everything was configured correctly and then sign in would fail with 'invalid credentials'. This adds a specific bind check, plus catches errors connecting to the server. Also, specs :)
* Log LDAP lookup errors and don't swallow unrelated exceptions | Markus Koller | 2016-09-28 | 2 | -2/+3
| Signed-off-by: Roger Meier <r.meier@siemens.com>
* Move LDAP user attributes to a method | Drew Blessing | 2016-09-15 | 1 | -1/+5
|
* Request only the LDAP attributes we need | Drew Blessing | 2016-09-09 | 1 | -25/+33
|
* Enable Style/SpaceAroundEqualsInParameterDefault cop [rubocop/SpaceAroundEqualsInParameterDefault] | Gabriel Mazetto | 2016-08-06 | 2 | -2/+2
|
* Enable Style/EmptyLinesAroundAccessModifier rubocop cop [rubocop/enable-empty-lines-around-access-modifier-cop] | Grzegorz Bizon | 2016-06-03 | 1 | -0/+1
| See #17478
* Unblocks user when active_directory is disabled and it can be found [patch/fix-ldap-unblock-user-logic] | Gabriel Mazetto | 2016-04-05 | 1 | -1/+4
|
* Decouple SAML authentication from the default Omniauth logic | Patricio Cano | 2016-02-18 | 1 | -0/+4
|
* Revert "Merge branch 'saml-decoupling' into 'master' " | Douwe Maan | 2016-02-18 | 1 | -4/+0
| This reverts commit c04e22fba8d130a58f498ff48127712d7dae17ee, reversing changes made to 0feab326d52222dc0ab5bd0a6b15dab297f44aa9.
* Decouple SAML authentication from the default Omniauth logic | Patricio Cano | 2016-02-18 | 1 | -0/+4
|
* Allow LDAP users to change their email if it was not set by the LDAP server | Douwe Maan | 2016-01-19 | 1 | -13/+16
|
* Merge branch 'feature/ldap-sync-edgecases' into 'master' | Douwe Maan | 2016-01-14 | 1 | -3/+3
|\  LDAP Sync blocked user edgecases
| |
| | Allow GitLab admins to block otherwise valid GitLab LDAP users (https://gitlab.com/gitlab-org/gitlab-ce/issues/3462)
| |
| | Based on the discussion on the original issue, we are going to differentiate "normal" block operations to the ldap automatic ones in order to make some decisions when it's one or the other.
| |
| | Expected behavior:
| |
| | - [x] "ldap_blocked" users respond to both `blocked?` and `ldap_blocked?`
| | - [x] "ldap_blocked" users can't be unblocked by the Admin UI
| | - [x] "ldap_blocked" users can't be unblocked by the API
| | - [x] Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked"
| | - [x] Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization
| | - [x] When LDAP identity is removed, we should convert `ldap_blocked` into `blocked`
| |
| | Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users:
| |
| | ![image](/uploads/4f56fc17b73cb2c9e2a154a22e7ad291/image.png)
| |
| | There will be another MR for the EE version.
| |
| | See merge request !2242
| * fixed LDAP activation on login to use new ldap_blocked state [feature/ldap-sync-edgecases] | Gabriel Mazetto | 2016-01-14 | 1 | -3/+1
| |
| * Code style fixes and some code simplified | Gabriel Mazetto | 2016-01-08 | 1 | -1/+3
| |