Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Support simple string LDAP attribute specifications, and search for name ↵dm-ldap-adapter-attributes | Douwe Maan | 2017-08-23 | 2 | -5/+10 |
| | | | | rather than username attributes | ||||
* | Merge branch 'rs-more-public-send-whitelists' into 'master' | Rémy Coutable | 2017-08-16 | 1 | -2/+2 |
|\ | | | | | | | | | Whitelist or fix additional `Gitlab/PublicSend` cop violations See merge request !13467 | ||||
| * | Whitelist or fix additional `Gitlab/PublicSend` cop violationsrs-more-public-send-whitelists | Robert Speicher | 2017-08-14 | 1 | -2/+2 |
| | | | | | | | | | | An upcoming update to rubocop-gitlab-security added additional violations. | ||||
* | | Enable Layout/TrailingWhitespace cop and auto-correct offenses | Robert Speicher | 2017-08-15 | 1 | -1/+1 |
|/ | |||||
* | Pass OmniAuth formatted options to OmniAuth::LDAP::Adaptordm-ldap-authentication-ssl-verification | Douwe Maan | 2017-07-31 | 1 | -1/+1 |
| | |||||
* | Backport some recent changes related to LDAP from EEbackport-2844-ldap-ee-license-checks | Rubén Dávila | 2017-07-27 | 1 | -0/+6 |
| | |||||
* | Use LDAP-attributes configured in gitlab.yml in lookup instead of just ↵ | Casper | 2017-07-26 | 1 | -1/+1 |
| | | | | hard-coded attributes. | ||||
* | Fix plain LDAP (no encryption) | Michael Kozono | 2017-07-26 | 1 | -3/+6 |
| | |||||
* | Fix code style | Michael Kozono | 2017-07-26 | 1 | -5/+5 |
| | |||||
* | Move backwards compatibility logic out of the code | Michael Kozono | 2017-07-26 | 1 | -5/+1 |
| | | | | And closer to the configuration setup. The code doesn’t need to know about this. | ||||
* | Pass configured `ssl_version` to `omniauth-ldap` | Michael Kozono | 2017-07-26 | 1 | -0/+2 |
| | |||||
* | Pass configured `ca_file` to `omniauth-ldap` | Michael Kozono | 2017-07-26 | 1 | -0/+1 |
| | |||||
* | Verify certificates in `omniauth-ldap` | Michael Kozono | 2017-07-26 | 1 | -1/+2 |
| | |||||
* | Set `Net::LDAP` `ssl_version` option | Michael Kozono | 2017-07-26 | 1 | -0/+1 |
| | |||||
* | Set `Net::LDAP` `ca_file` option | Michael Kozono | 2017-07-26 | 1 | -5/+15 |
| | |||||
* | Set `Net::LDAP` encryption properly | Michael Kozono | 2017-07-26 | 1 | -8/+26 |
| | |||||
* | Use encryption instead of method | Michael Kozono | 2017-07-26 | 1 | -2/+2 |
| | | | | The method key is deprecated in the `gitlab_omniauth-ldap` gem. | ||||
* | Fix setting `last_credential_check` on LDAP-loginbvl-fix-ldap-login | Bob Van Landuyt | 2017-06-28 | 1 | -1/+1 |
| | |||||
* | refactor update user service not to do auth checks | James Lopez | 2017-06-23 | 1 | -1/+1 |
| | |||||
* | more refactoring based on feedback | James Lopez | 2017-06-23 | 1 | -2/+1 |
| | |||||
* | added service in the rest of controllers and classes | James Lopez | 2017-06-23 | 1 | -1/+2 |
| | |||||
* | Enable Style/DotPosition Rubocop :cop: | Grzegorz Bizon | 2017-06-21 | 1 | -3/+3 |
| | |||||
* | Sync email address from specified omniauth provider | Robin Bobbitt | 2017-06-07 | 1 | -9/+4 |
| | |||||
* | Enable the Style/TrailingCommaInArguments cop | Rémy Coutable | 2017-05-10 | 1 | -1/+1 |
| | | | | | | Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> | ||||
* | Enable Style/Proc cop for rubocop | mhasbini | 2017-04-02 | 1 | -2/+2 |
| | |||||
* | Remove explicit `require` calls, and use `require_dependency` when needed29389-fix-already-initialized-constants | Rémy Coutable | 2017-03-13 | 1 | -2/+0 |
| | | | | | | | | See http://guides.rubyonrails.org/autoloading_and_reloading_constants.html for more info. Signed-off-by: Rémy Coutable <remy@rymai.me> | ||||
* | Revert "Prefer leading style for Style/DotPosition" | Douwe Maan | 2017-02-23 | 1 | -3/+3 |
| | | | | This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b. | ||||
* | Enable Rails/Delegate | Douwe Maan | 2017-02-23 | 1 | -3/+1 |
| | |||||
* | Prefer leading style for Style/DotPosition | Douwe Maan | 2017-02-23 | 1 | -3/+3 |
| | |||||
* | Fix Rubocop offenses in LDAP related code and spec | Grzegorz Bizon | 2017-01-10 | 1 | -2/+2 |
| | |||||
* | Merge branch 'feature/log-ldap-to-application-log' into 'master' | Rémy Coutable | 2017-01-09 | 1 | -4/+22 |
|\ | | | | | | | | | Log LDAP blocking/unblocking events to application log See merge request !8042 | ||||
| * | fixup! Log messages when blocking/unblocking LDAP accounts | Markus Koller | 2016-12-20 | 1 | -1/+1 |
| | | |||||
| * | Log messages when blocking/unblocking LDAP accounts | Markus Koller | 2016-12-20 | 1 | -4/+22 |
| | | |||||
* | | LDAP attributes needs default values | Drew Blessing | 2017-01-06 | 3 | -7/+15 |
| | | |||||
* | | Gitlab::LDAP::Person uses LDAP attributes configuration | Drew Blessing | 2017-01-03 | 1 | -2/+17 |
|/ | | | | | | | | | | We allow users to configure LDAP attribute preferences. For example, email can be configured to use `mail`, `email` and `userPrincipalName`, falling through to the next until a value is found. Prior to this change, Gitlab::LDAP::Person did not honor this configuration. Now, the class will honor `name` and `mail` configuration. It does not handle `username`, or fallback to `first_name` + `last_name` in the absence of `name`. | ||||
* | Centralize LDAP config/filter logic | Drew Blessing | 2016-11-11 | 3 | -14/+61 |
| | | | | | | | | | Centralize all LDAP config logic in `GitLab::LDAP::Config`. Previously, some logic was in the Devise initializer and it was not honoring the `user_filter`. If a user outside the configured `user_filter` signed in, an account would be created but they would then be denied access. Now that logic is centralized, the filter is honored and users outside the filter are never created. | ||||
* | Introduce better credential and error checking to `rake gitlab:ldap:check` | Drew Blessing | 2016-11-08 | 1 | -4/+4 |
| | | | | | | | It was previously possible for invalid credential errors to go unnoticed in this task. Users would believe everything was configured correctly and then sign in would fail with 'invalid credentials'. This adds a specific bind check, plus catches errors connecting to the server. Also, specs :) | ||||
* | Log LDAP lookup errors and don't swallow unrelated exceptions | Markus Koller | 2016-09-28 | 2 | -2/+3 |
| | | | | Signed-off-by: Roger Meier <r.meier@siemens.com> | ||||
* | Move LDAP user attributes to a method | Drew Blessing | 2016-09-15 | 1 | -1/+5 |
| | |||||
* | Request only the LDAP attributes we need | Drew Blessing | 2016-09-09 | 1 | -25/+33 |
| | |||||
* | Enable Style/SpaceAroundEqualsInParameterDefault coprubocop/SpaceAroundEqualsInParameterDefault | Gabriel Mazetto | 2016-08-06 | 2 | -2/+2 |
| | |||||
* | Enable Style/EmptyLinesAroundAccessModifier rubocop coprubocop/enable-empty-lines-around-access-modifier-cop | Grzegorz Bizon | 2016-06-03 | 1 | -0/+1 |
| | | | | See #17478 | ||||
* | Unblocks user when active_directory is disabled and it can be foundpatch/fix-ldap-unblock-user-logic | Gabriel Mazetto | 2016-04-05 | 1 | -1/+4 |
| | |||||
* | Decouple SAML authentication from the default Omniauth logic | Patricio Cano | 2016-02-18 | 1 | -0/+4 |
| | |||||
* | Revert "Merge branch 'saml-decoupling' into 'master' " | Douwe Maan | 2016-02-18 | 1 | -4/+0 |
| | | | | | This reverts commit c04e22fba8d130a58f498ff48127712d7dae17ee, reversing changes made to 0feab326d52222dc0ab5bd0a6b15dab297f44aa9. | ||||
* | Decouple SAML authentication from the default Omniauth logic | Patricio Cano | 2016-02-18 | 1 | -0/+4 |
| | |||||
* | Allow LDAP users to change their email if it was not set by the LDAP server | Douwe Maan | 2016-01-19 | 1 | -13/+16 |
| | |||||
* | Merge branch 'feature/ldap-sync-edgecases' into 'master' | Douwe Maan | 2016-01-14 | 1 | -3/+3 |
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | LDAP Sync blocked user edgecases Allow GitLab admins to block otherwise valid GitLab LDAP users (https://gitlab.com/gitlab-org/gitlab-ce/issues/3462) Based on the discussion on the original issue, we are going to differentiate "normal" block operations to the ldap automatic ones in order to make some decisions when its one or the other. Expected behavior: - [x] "ldap_blocked" users respond to both `blocked?` and `ldap_blocked?` - [x] "ldap_blocked" users can't be unblocked by the Admin UI - [x] "ldap_blocked" users can't be unblocked by the API - [x] Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked" - [x] Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization - [x] When LDAP identity is removed, we should convert `ldap_blocked` into `blocked` Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users: ![image](/uploads/4f56fc17b73cb2c9e2a154a22e7ad291/image.png) There will be another MR for the EE version. See merge request !2242 | ||||
| * | fixed LDAP activation on login to use new ldap_blocked statefeature/ldap-sync-edgecases | Gabriel Mazetto | 2016-01-14 | 1 | -3/+1 |
| | | |||||
| * | Code style fixes and some code simplified | Gabriel Mazetto | 2016-01-08 | 1 | -1/+3 |
| | |