Class: Gitlab::Auth::Ldap::Person

Inherits:
Object
  • Object
show all
Defined in:
lib/gitlab/auth/ldap/person.rb

Constant Summary collapse

AD_USER_DISABLED =

Active Directory-specific LDAP filter that checks if bit 2 of the userAccountControl attribute is set. Source: ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/

Net::LDAP::Filter.ex("userAccountControl:1.2.840.113556.1.4.803", "2")
InvalidEntryError =
Class.new(StandardError)

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(entry, provider) ⇒ Person

Returns a new instance of Person.



65
66
67
68
69
# File 'lib/gitlab/auth/ldap/person.rb', line 65

def initialize(entry, provider)
  Gitlab::AppLogger.debug "Instantiating #{self.class.name} with LDIF:\n#{entry.to_ldif}"
  @entry = entry
  @provider = provider
end

Instance Attribute Details

#providerObject

Returns the value of attribute provider.



14
15
16
# File 'lib/gitlab/auth/ldap/person.rb', line 14

def provider
  @provider
end

Class Method Details

.disabled_via_active_directory?(dn, adapter) ⇒ Boolean

Returns:

  • (Boolean)


31
32
33
# File 'lib/gitlab/auth/ldap/person.rb', line 31

def self.disabled_via_active_directory?(dn, adapter)
  adapter.dn_matches_filter?(dn, AD_USER_DISABLED)
end

.find_by_dn(dn, adapter) ⇒ Object



21
22
23
# File 'lib/gitlab/auth/ldap/person.rb', line 21

def self.find_by_dn(dn, adapter)
  adapter.user('dn', dn)
end

.find_by_email(email, adapter) ⇒ Object



25
26
27
28
29
# File 'lib/gitlab/auth/ldap/person.rb', line 25

def self.find_by_email(email, adapter)
  email_fields = adapter.config.attributes['email']

  adapter.user(email_fields, email)
end

.find_by_uid(uid, adapter) ⇒ Object



16
17
18
19
# File 'lib/gitlab/auth/ldap/person.rb', line 16

def self.find_by_uid(uid, adapter)
  uid = Net::LDAP::Filter.escape(uid)
  adapter.user(adapter.config.uid, uid)
end

.ldap_attributes(config) ⇒ Object



35
36
37
38
39
40
41
42
43
# File 'lib/gitlab/auth/ldap/person.rb', line 35

def self.ldap_attributes(config)
  [
    'dn',
    config.uid,
    *config.attributes['name'],
    *config.attributes['email'],
    *config.attributes['username']
  ].compact.uniq.reject(&:blank?)
end

.normalize_dn(dn) ⇒ Object



45
46
47
48
49
50
51
# File 'lib/gitlab/auth/ldap/person.rb', line 45

def self.normalize_dn(dn)
  ::Gitlab::Auth::Ldap::DN.new(dn).to_normalized_s
rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
  Gitlab::AppLogger.info("Returning original DN \"#{dn}\" due to error during normalization attempt: #{e.message}")

  dn
end

.normalize_uid(uid) ⇒ Object

Returns the UID in a normalized form.

  1. Excess spaces are stripped

  2. The string is downcased (for case-insensitivity)



57
58
59
60
61
62
63
# File 'lib/gitlab/auth/ldap/person.rb', line 57

def self.normalize_uid(uid)
  ::Gitlab::Auth::Ldap::DN.normalize_value(uid)
rescue ::Gitlab::Auth::Ldap::DN::FormatError => e
  Gitlab::AppLogger.info("Returning original UID \"#{uid}\" due to error during normalization attempt: #{e.message}")

  uid
end

Instance Method Details

#dnObject



95
96
97
# File 'lib/gitlab/auth/ldap/person.rb', line 95

def dn
  self.class.normalize_dn(entry.dn)
end

#emailObject



91
92
93
# File 'lib/gitlab/auth/ldap/person.rb', line 91

def email
  attribute_value(:email)
end

#nameObject



71
72
73
# File 'lib/gitlab/auth/ldap/person.rb', line 71

def name
  attribute_value(:name)&.first
end

#uidObject



75
76
77
# File 'lib/gitlab/auth/ldap/person.rb', line 75

def uid
  entry.public_send(config.uid).first # rubocop:disable GitlabSecurity/PublicSend
end

#usernameObject



79
80
81
82
83
84
85
86
87
88
89
# File 'lib/gitlab/auth/ldap/person.rb', line 79

def username
  username = attribute_value(:username)

  # Depending on the attribute, multiple values may
  # be returned. We need only one for username.
  # Ex. `uid` returns only one value but `mail` may
  # return an array of multiple email addresses.
  [username].flatten.first.tap do |username|
    username.downcase! if config.lowercase_usernames
  end
end