Add support for LDAP groups

3 files changed, 84 insertions, 0 deletions

diff --git a/docs/gl_objects/groups.rst b/docs/gl_objects/groups.rst
index d24e53c..9eddcd9 100644
--- a/docs/gl_objects/groups.rst
+++ b/docs/gl_objects/groups.rst
@@ -171,3 +171,18 @@ Remove a member from the group::
     group.members.delete(member_id)
     # or
     member.delete()
+
+LDAP group links
+================
+
+Add an LDAP group link to an existing GitLab group::
+
+    group.add_ldap_group_link(ldap_group_cn, gitlab.DEVELOPER_ACCESS, 'main')
+
+Remove a link::
+
+    group.delete_ldap_group_link(ldap_group_cn, 'main')
+
+Sync the LDAP groups::
+
+    group.ldap_sync()
diff --git a/gitlab/v4/objects.py b/gitlab/v4/objects.py
index f5160e5..486c0f3 100644
--- a/gitlab/v4/objects.py
+++ b/gitlab/v4/objects.py
@@ -807,6 +807,61 @@ class Group(SaveMixin, ObjectDeleteMixin, RESTObject):
         path = '/groups/%d/search' % self.get_id()
         return self.manager.gitlab.http_list(path, query_data=data, **kwargs)
 
+    @cli.register_custom_action('Group', ('cn', 'group_access', 'provider'))
+    @exc.on_http_error(exc.GitlabCreateError)
+    def add_ldap_group_link(self, cn, group_access, provider, **kwargs):
+        """Add an LDAP group link.
+
+        Args:
+            cn (str): CN of the LDAP group
+            group_access (int): Minimum access level for members of the LDAP
+                group
+            provider (str): LDAP provider for the LDAP group
+            **kwargs: Extra options to send to the Gitlab server (e.g. sudo)
+
+        Raises:
+            GitlabAuthenticationError: If authentication is not correct
+            GitlabCreateError: If the server cannot perform the request
+        """
+        path = '/groups/%d/ldap_group_links' % self.get_id()
+        data = {'cn': cn, 'group_access': group_access, 'provider': provider}
+        self.manager.gitlab.http_post(path, post_data=data, **kwargs)
+
+    @cli.register_custom_action('Group', ('cn',), ('provider',))
+    @exc.on_http_error(exc.GitlabDeleteError)
+    def delete_ldap_group_link(self, cn, provider=None, **kwargs):
+        """Delete an LDAP group link.
+
+        Args:
+            cn (str): CN of the LDAP group
+            provider (str): LDAP provider for the LDAP group
+            **kwargs: Extra options to send to the Gitlab server (e.g. sudo)
+
+        Raises:
+            GitlabAuthenticationError: If authentication is not correct
+            GitlabDeleteError: If the server cannot perform the request
+        """
+        path = '/groups/%d/ldap_group_links' % self.get_id()
+        if provider is not None:
+            path += '/%s' % provider
+        path += '/%s' % cn
+        self.manager.gitlab.http_delete(path)
+
+    @cli.register_custom_action('Group')
+    @exc.on_http_error(exc.GitlabCreateError)
+    def ldap_sync(self, **kwargs):
+        """Sync LDAP groups.
+
+        Args:
+            **kwargs: Extra options to send to the Gitlab server (e.g. sudo)
+
+        Raises:
+            GitlabAuthenticationError: If authentication is not correct
+            GitlabCreateError: If the server cannot perform the request
+        """
+        path = '/groups/%d/ldap_sync' % self.get_id()
+        self.manager.gitlab.http_post(path, **kwargs)
+
 
 class GroupManager(CRUDMixin, RESTManager):
     _path = '/groups'
diff --git a/tools/ee-test.py b/tools/ee-test.py
index 77ccd2e..512d983 100755
--- a/tools/ee-test.py
+++ b/tools/ee-test.py
@@ -7,6 +7,9 @@ P1 = 'root/project1'
 P2 = 'root/project2'
 I_P1 = 1
 I_P2 = 1
+G1 = 'group1'
+LDAP_CN = 'app1'
+LDAP_PROVIDER = 'ldapmain'
 
 
 def start_log(message):
@@ -22,6 +25,7 @@ project1 = gl.projects.get(P1)
 project2 = gl.projects.get(P2)
 issue_p1 = project1.issues.get(I_P1)
 issue_p2 = project2.issues.get(I_P2)
+group1 = gl.groups.get(G1)
 
 start_log('MR approvals')
 approval = project1.approvals.get()
@@ -52,3 +56,13 @@ links = issue_p1.links.list()
 link_id = links[0].issue_link_id
 issue_p1.links.delete(link_id)
 end_log()
+
+start_log('LDAP links')
+# bit of cleanup just in case
+if hasattr(group1, 'ldap_group_links'):
+    for link in group1.ldap_group_links:
+        group1.delete_ldap_group_link(link['cn'], link['provider'])
+group1.add_ldap_group_link(LDAP_CN, 30, LDAP_PROVIDER)
+group1.ldap_sync()
+group1.delete_ldap_group_link(LDAP_CN)
+end_log()