Markus Koller
68364fe2f0
Log LDAP lookup errors and don't swallow unrelated exceptions
...
Signed-off-by: Roger Meier <r.meier@siemens.com>
2016-09-28 07:44:58 +02:00
Drew Blessing
08714d2bcd
Move LDAP user attributes to a method
2016-09-15 22:46:22 -05:00
Drew Blessing
bf8a48e179
Request only the LDAP attributes we need
2016-09-09 13:14:57 -05:00
Gabriel Mazetto
c9aa19881c
Enable Style/SpaceAroundEqualsInParameterDefault cop
2016-08-06 04:03:01 +02:00
Grzegorz Bizon
e052daa08a
Enable Style/EmptyLinesAroundAccessModifier rubocop cop
...
See #17478
2016-06-03 10:34:20 +02:00
Gabriel Mazetto
5ee6badade
Unblocks user when active_directory is disabled and it can be found
2016-04-05 16:34:31 -03:00
Patricio Cano
06376be56a
Decouple SAML authentication from the default Omniauth logic
2016-02-18 17:01:07 -05:00
Douwe Maan
873b0db220
Revert "Merge branch 'saml-decoupling' into 'master'"
...
This reverts commit c04e22fba8, reversing
changes made to 0feab326d5.
2016-02-18 22:14:53 +01:00
Patricio Cano
f014127e17
Decouple SAML authentication from the default Omniauth logic
2016-02-18 13:22:19 -05:00
Douwe Maan
98e1a5b634
Allow LDAP users to change their email if it was not set by the LDAP server
2016-01-19 16:25:38 +01:00
Douwe Maan
4d64a32c88
Merge branch 'feature/ldap-sync-edgecases' into 'master'
...
LDAP Sync blocked user edgecases
Allow GitLab admins to block otherwise valid GitLab LDAP users
(https://gitlab.com/gitlab-org/gitlab-ce/issues/3462)
Based on the discussion on the original issue, we are going to differentiate "normal" block operations to the ldap automatic ones in order to make some decisions when it's one or the other.
Expected behavior:
- [x] "ldap_blocked" users respond to both `blocked?` and `ldap_blocked?`
- [x] "ldap_blocked" users can't be unblocked by the Admin UI
- [x] "ldap_blocked" users can't be unblocked by the API
- [x] Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked"
- [x] Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization
- [x] When LDAP identity is removed, we should convert `ldap_blocked` into `blocked`
Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users:

There will be another MR for the EE version.
See merge request !2242
2016-01-14 11:00:08 +00:00
Gabriel Mazetto
dd6fc01ff8
fixed LDAP activation on login to use new ldap_blocked state
2016-01-14 03:31:27 -02:00
Drew Blessing
67aa0b8c4c
Optimize LDAP and add a search timeout
2016-01-11 08:17:32 -06:00
Gabriel Mazetto
47e4613f4a
Code style fixes and some code simplified
2016-01-08 16:26:04 -02:00
Gabriel Mazetto
d6dc088aff
LDAP synchronization block/unblock new states
2016-01-08 16:26:04 -02:00
Douwe Maan
662aa8ec35
No mb_chars needed anymore
2015-12-24 12:37:46 +01:00
Patricio Cano
1d3889eb46
Fix identity and user retrieval when special characters are used
2015-12-22 13:23:35 -05:00
Drew Blessing
bf5683f889
Block LDAP user when they are no longer found in the LDAP server
2015-12-08 11:15:30 -06:00
Drew Blessing
b7def88c02
Fix ldap email downcasing bug
2015-10-08 14:59:46 -05:00
Петров Роман
e82b37a653
Add support of multibyte characters in LDAP UID
2015-09-30 13:47:50 +03:00
Douwe Maan
73a3df4de3
Fix LDAP attribute mapping
2015-09-23 16:37:59 +02:00
Douwe Maan
84d57bc703
Make code clearer
2015-09-16 09:14:04 +02:00
Douwe Maan
909a8443c6
Shuffle config around a bit
2015-09-09 11:40:31 +01:00
Douwe Maan
0e9ba0a4fa
Add attributes to LDAP::Config.
2015-09-08 17:34:18 +01:00
Douwe Maan
c915e2c823
Allow configuration of LDAP attributes GitLab will use for the new user account.
2015-09-08 16:18:14 +01:00
Douwe Maan
d92f428024
Minor refactor
2015-08-29 11:48:54 -07:00
Joel Koglin
4d2f36118a
Issue #993: Fixed login failure when extern_uid changes
2015-08-21 09:36:27 -07:00
Douwe Maan
125cb9b866
Don't accidentally unblock auto created users from Active Directory.
2015-05-12 11:26:43 +02:00
quodos
b953796ac8
Update authentication.rb
...
correct spelling
2015-05-04 14:09:03 +02:00
Douwe Maan
238e4f0295
Add config var to block auto-created LDAP users.
2015-04-14 17:09:05 +02:00
Douwe Maan
c43411e97a
Non-persisted users already have the identity by way of build_new_user.
2015-04-14 17:08:49 +02:00
Dmitriy Zaporozhets
4ab717ea6a
Merge branch 'ldap_migration'
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Conflicts:
db/schema.rb
2015-04-13 17:18:02 +03:00
Dmitriy Zaporozhets
6e88d9335b
Merge branch 'skip-email-reconfirmation' into 'master'
...
Skip email confirmation when set by admin or via LDAP.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2203.
See merge request !494
2015-04-13 13:44:56 +00:00
Jacob Vosmaer
325b66365b
Remove special cases for the 'ldap' provider
2015-04-13 11:04:31 +02:00
Robert Speicher
2cefdbb535
Move lib/gitlab/oauth to lib/gitlab/o_auth
...
Lets Rails autoload these files by name
2015-04-09 14:19:24 -04:00
Douwe Maan
f2af30f195
Skip email confirmation when set by admin or via LDAP.
2015-04-06 13:27:19 +02:00
Michael Alt
1502fed795
Faulty LDAP DN name escaping removed
...
The Net::LDAP::Filter.escape function can not be used to escape the DN name because the backslash is required to escape special chars in the DN name. This leads to the error message "Access denied for your LDAP account." and prevents the user from logging in to gitlab.
Example DN:
CN=Test\, User,OU=Organization,DC=Company
CN=Test User,OU=Organization,DC=Company
http://www.ietf.org/rfc/rfc4514.txt
2015-03-21 22:57:55 +01:00
Douwe Maan
8fed435208
Unblock user if they were unblocked in AD.
2015-03-13 22:34:11 +01:00
Dmitriy Zaporozhets
e7f4f0ae1d
Block user if he/she was blocked in Active Directory
2015-03-12 11:53:21 -07:00
Douwe Maan
757dca2b78
Escape wildcards when searching LDAP by username.
2015-03-06 13:39:57 +01:00
Dmitriy Zaporozhets
cc39bca3fa
Rubocop: Style/AlignHash enabled
2015-02-02 21:15:44 -08:00
Dmitriy Zaporozhets
ca701a9649
Improvements to LDAP::User model
...
* method #changed? also tracks changes of identities (fixes issue with email mapping)
* find ldap identity before initialize one
2015-01-29 13:28:41 -08:00
Valery Sizov
3a5ed5260b
Support for multiple omniauth providers for the same user
2014-12-04 13:03:55 +02:00
Valery Sizov
1a80d13a39
Multi-provider auth. LDAP is not reworked
2014-12-04 13:01:50 +02:00
Jacob Vosmaer
472a6621e9
Fix LDAP config lookup for provider 'ldap'
2014-10-23 22:57:16 +02:00
Jacob Vosmaer
6b2b20af41
Fix LDAP authentication for Git HTTP access
2014-10-23 14:21:58 +02:00
Dmitriy Zaporozhets
da21b9e7d0
Fix rake gitlab:ldap:check
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-21 18:26:40 +03:00
Jan-Willem van der Meer
6ce65a3e95
Use Hash syntax for LDAP server declaration
2014-10-14 13:13:59 +02:00
Jan-Willem van der Meer
ab04096c6c
Add explaining note to authentication method [skip ci]
2014-10-14 11:16:47 +02:00
Jan-Willem van der Meer
18d2ee31e8
Use server specific uid
2014-10-14 10:54:43 +02:00