Class: Gitlab::Auth::Ldap::Config

Inherits:

Object

• Object
• Gitlab::Auth::Ldap::Config

Defined in:

lib/gitlab/auth/ldap/config.rb

Constant Summary

NET_LDAP_ENCRYPTION_METHOD =

{
  simple_tls: :simple_tls,
  start_tls:  :start_tls,
  plain:      nil
}.freeze

InvalidProvider =

Class.new(StandardError)

Instance Attribute Summary

• #options ⇒ Object

  Returns the value of attribute options.

• #provider ⇒ Object

  Returns the value of attribute provider.

Class Method Summary

• ._available_servers ⇒ Object
• .available_servers ⇒ Object
• .enabled? ⇒ Boolean
• .invalid_provider(provider) ⇒ Object
• .prevent_ldap_sign_in? ⇒ Boolean
• .providers ⇒ Object
• .servers ⇒ Object
• .sign_in_enabled? ⇒ Boolean
• .valid_provider?(provider) ⇒ Boolean

Instance Method Summary

• #active_directory ⇒ Object
• #adapter_options ⇒ Object
• #admin_group ⇒ Object
• #allow_username_or_email_login ⇒ Object
• #attributes ⇒ Object
• #base ⇒ Object
• #block_auto_created_users ⇒ Object
• #constructed_user_filter ⇒ Object
• #default_attributes ⇒ Object
• #enabled? ⇒ Boolean
• #external_groups ⇒ Object
• #group_base ⇒ Object
• #has_auth? ⇒ Boolean
• #initialize(provider) ⇒ Config constructor

  A new instance of Config.

• #label ⇒ Object
• #lowercase_usernames ⇒ Object
• #name_proc ⇒ Object
• #omniauth_options ⇒ Object
• #sync_ssh_keys ⇒ Object

  The LDAP attribute in which the ssh keys are stored.

• #sync_ssh_keys? ⇒ Boolean
• #timeout ⇒ Object
• #uid ⇒ Object
• #user_filter ⇒ Object

Constructor Details

#initialize(provider) ⇒ Config

Returns a new instance of Config.

# File 'lib/gitlab/auth/ldap/config.rb', line 56

def initialize(provider)
  if self.class.valid_provider?(provider)
    @provider = provider
  else
    self.class.invalid_provider(provider)
  end

  @options = config_for(@provider) # Use @provider, not provider
end

Instance Attribute Details

#options ⇒ Object

Returns the value of attribute options

# File 'lib/gitlab/auth/ldap/config.rb', line 14

def options
  @options
end

#provider ⇒ Object

Returns the value of attribute provider

# File 'lib/gitlab/auth/ldap/config.rb', line 14

def provider
  @provider
end

Class Method Details

._available_servers ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 40

def self._available_servers
  Array.wrap(servers.first)
end

.available_servers ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 34

def self.available_servers
  return [] unless enabled?

  _available_servers
end

.enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/ldap/config.rb', line 18

def self.enabled?
  Gitlab.config.ldap.enabled
end

.invalid_provider(provider) ⇒ Object

Raises:

• (InvalidProvider)

# File 'lib/gitlab/auth/ldap/config.rb', line 52

def self.invalid_provider(provider)
  raise InvalidProvider.new("Unknown provider (#{provider}). Available providers: #{providers}")
end

.prevent_ldap_sign_in? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/ldap/config.rb', line 26

def self.prevent_ldap_sign_in?
  Gitlab.config.ldap.prevent_ldap_sign_in
end

.providers ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 44

def self.providers
  servers.map { |server| server['provider_name'] }
end

.servers ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 30

def self.servers
  Gitlab.config.ldap['servers']&.values || []
end

.sign_in_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/ldap/config.rb', line 22

def self.sign_in_enabled?
  enabled? && !prevent_ldap_sign_in?
end

.valid_provider?(provider) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/ldap/config.rb', line 48

def self.valid_provider?(provider)
  providers.include?(provider)
end

Instance Method Details

#active_directory ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 137

def active_directory
  options['active_directory']
end

#adapter_options ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 70

def adapter_options
  opts = base_options.merge(
    encryption: encryption_options
  )

  opts.merge!(auth_options) if has_auth?

  opts
end

#admin_group ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 133

def admin_group
  options['admin_group']
end

#allow_username_or_email_login ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 161

def allow_username_or_email_login
  options['allow_username_or_email_login']
end

#attributes ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 145

def attributes
  default_attributes.merge(options['attributes'])
end

#base ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 100

def base
  @base ||= Person.normalize_dn(options['base'])
end

#block_auto_created_users ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 141

def block_auto_created_users
  options['block_auto_created_users']
end

#constructed_user_filter ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 125

def constructed_user_filter
  @constructed_user_filter ||= Net::LDAP::Filter.construct(user_filter)
end

#default_attributes ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 177

def default_attributes
  {
    'username'    => %W(#{uid} uid sAMAccountName userid).uniq,
    'email'       => %w(mail email userPrincipalName),
    'name'        => 'cn',
    'first_name'  => 'givenName',
    'last_name'   => 'sn'
  }
end

#enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/ldap/config.rb', line 66

def enabled?
  base_config.enabled
end

#external_groups ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 153

def external_groups
  options['external_groups'] || []
end

#group_base ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 129

def group_base
  options['group_base']
end

#has_auth? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/ldap/config.rb', line 157

def has_auth?
  options['password'] || options['bind_dn']
end

#label ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 108

def label
  options['label']
end

#lowercase_usernames ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 165

def lowercase_usernames
  options['lowercase_usernames']
end

#name_proc ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 169

def name_proc
  if allow_username_or_email_login
    proc { |name| name.gsub(/@.*\z/, '') }
  else
    proc { |name| name }
  end
end

#omniauth_options ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 80

def omniauth_options
  opts = base_options.merge(
    base: base,
    encryption: options['encryption'],
    filter: omniauth_user_filter,
    name_proc: name_proc,
    disable_verify_certificates: !options['verify_certificates'],
    tls_options: tls_options
  )

  if has_auth?
    opts.merge!(
      bind_dn: options['bind_dn'],
      password: options['password']
    )
  end

  opts
end

#sync_ssh_keys ⇒ Object

The LDAP attribute in which the ssh keys are stored

# File 'lib/gitlab/auth/ldap/config.rb', line 117

def sync_ssh_keys
  options['sync_ssh_keys']
end

#sync_ssh_keys? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/auth/ldap/config.rb', line 112

def sync_ssh_keys?
  sync_ssh_keys.present?
end

#timeout ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 149

def timeout
  options['timeout'].to_i
end

#uid ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 104

def uid
  options['uid']
end

#user_filter ⇒ Object

# File 'lib/gitlab/auth/ldap/config.rb', line 121

def user_filter
  options['user_filter']
end