root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
65,072 Commits 9,131 Branches 1,640 Tags 2 GiB
Commit Graph

32 Commits

Author SHA1 Message Date
James Lopez 67d06dee30 refactor users update service 2017-09-28 08:46:39 +02:00
James Lopez 9621dd0c9d refactor services to match EE signature 2017-09-28 08:46:39 +02:00
Bob Van Landuyt d2eb5bbd9c Fix setting `last_credential_check` on LDAP-login 2017-06-28 09:30:18 +02:00
James Lopez b804db2648 refactor update user service not to do auth checks 2017-06-23 11:41:43 +02:00
James Lopez c9fd3dc42c more refactoring based on feedback 2017-06-23 11:41:42 +02:00
James Lopez 158550cf37 added service in the rest of controllers and classes 2017-06-23 11:41:42 +02:00
Grzegorz Bizon cff423449f Fix Rubocop offenses in LDAP related code and spec 2017-01-10 14:31:21 +01:00
Markus Koller bd0c171c55
fixup! Log messages when blocking/unblocking LDAP accounts 2016-12-20 19:54:37 +01:00
Markus Koller e87e280598
Log messages when blocking/unblocking LDAP accounts 2016-12-20 19:51:45 +01:00
Markus Koller 68364fe2f0
Log LDAP lookup errors and don't swallow unrelated exceptions 
Signed-off-by: Roger Meier <r.meier@siemens.com>
 2016-09-28 07:44:58 +02:00
Gabriel Mazetto c9aa19881c Enable Style/SpaceAroundEqualsInParameterDefault cop 2016-08-06 04:03:01 +02:00
Gabriel Mazetto 5ee6badade Unblocks user when active_directory is disabled and it can be found 2016-04-05 16:34:31 -03:00
Douwe Maan 4d64a32c88 Merge branch 'feature/ldap-sync-edgecases' into 'master' 
LDAP Sync blocked user edgecases

Allow GitLab admins to block otherwise valid GitLab LDAP users
(https://gitlab.com/gitlab-org/gitlab-ce/issues/3462)

Based on the discussion on the original issue, we are going to differentiate "normal" block operations to the ldap automatic ones in order to make some decisions when its one or the other.

Expected behavior:

- [x] "ldap_blocked" users respond to both `blocked?` and `ldap_blocked?`
- [x] "ldap_blocked" users can't be unblocked by the Admin UI
- [x] "ldap_blocked" users can't be unblocked by the API
- [x] Block operations that are originated from LDAP synchronization will flag user as "ldap_blocked"
- [x] Only "ldap_blocked" users will be automatically unblocked by LDAP synchronization
- [x] When LDAP identity is removed, we should convert `ldap_blocked` into `blocked`
 
Mockup for the Admin UI with both "ldap_blocked" and normal "blocked" users:
![image](/uploads/4f56fc17b73cb2c9e2a154a22e7ad291/image.png)

There will be another MR for the EE version.

See merge request !2242
 2016-01-14 11:00:08 +00:00
Gabriel Mazetto dd6fc01ff8 fixed LDAP activation on login to use new ldap_blocked state 2016-01-14 03:31:27 -02:00
Drew Blessing 67aa0b8c4c Optimize LDAP and add a search timeout 2016-01-11 08:17:32 -06:00
Gabriel Mazetto 47e4613f4a Code style fixes and some code simplified 2016-01-08 16:26:04 -02:00
Gabriel Mazetto d6dc088aff LDAP synchronization block/unblock new states 2016-01-08 16:26:04 -02:00
Drew Blessing bf5683f889 Block LDAP user when they are no longer found in the LDAP server 2015-12-08 11:15:30 -06:00
Douwe Maan 125cb9b866 Don't accidentally unblock auto created users from Active Directory. 2015-05-12 11:26:43 +02:00
Douwe Maan 8fed435208 Unblock user if they were unblocked in AD. 2015-03-13 22:34:11 +01:00
Dmitriy Zaporozhets e7f4f0ae1d Block user if he/she was blocked in Active Directory 2015-03-12 11:53:21 -07:00
Valery Sizov 3a5ed5260b Supporting for multiple omniauth provider for the same user 2014-12-04 13:03:55 +02:00
Jan-Willem van der Meer b229b0f003 Fix authorization for LDAP login 2014-10-14 09:40:35 +02:00
Jan-Willem van der Meer 01b791237c Refactor lib files for multiple LDAP groups 2014-10-13 17:24:05 +02:00
Marin Jankovski f7aba277e7 Add option to gitlab config to specify if LDAP server is active directory. 2014-09-30 12:07:31 +02:00
Jan-Willem van der Meer c0323b40ee Refactor: beter naming for active directory disabled users 2014-09-01 16:35:18 +02:00
Jacob Vosmaer 669682686e Move LDAP timeout code to Gitlab::LDAP::Access 2014-08-06 18:03:01 +02:00
Jacob Vosmaer be1120e968 Improve ad_disabled method name 2014-05-14 19:13:06 +02:00
Jacob Vosmaer a6e4153878 Check for the AD disabled flag in Access#allowed? 2014-05-14 18:32:40 +02:00
Jacob Vosmaer 56df3dbff2 Add Gitlab::LDAP::Access.open 
This new method wraps Gitlab::LDAP::Adapter.open to enable connection
reuse.
 2014-03-14 08:55:50 +01:00
Dmitriy Zaporozhets 0fdab6a747
Remove copyright 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-03-10 17:09:45 +02:00
Dmitriy Zaporozhets daa7f077db
Port LDAP code from EE 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
 2014-03-10 14:48:08 +02:00