125cb9b866
Don't accidentally unblock auto created users from Active Directory.
2015-05-12 11:26:43 +02:00
b953796ac8
Update authentication.rb
...
correct spelling
2015-05-04 14:09:03 +02:00
238e4f0295
Add config var to block auto-created LDAP users.
2015-04-14 17:09:05 +02:00
c43411e97a
Non-persisted users already have the identity by way of build_new_user.
2015-04-14 17:08:49 +02:00
4ab717ea6a
Merge branch 'ldap_migration'
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Conflicts:
db/schema.rb
2015-04-13 17:18:02 +03:00
6e88d9335b
Merge branch 'skip-email-reconfirmation' into 'master'
...
Skip email confirmation when set by admin or via LDAP.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2203 .
See merge request !494
2015-04-13 13:44:56 +00:00
325b66365b
Remove special cases for the 'ldap' provider
2015-04-13 11:04:31 +02:00
2cefdbb535
Move lib/gitlab/oauth to lib/gitlab/o_auth
...
Lets Rails autoload these files by name
2015-04-09 14:19:24 -04:00
f2af30f195
Skip email confirmation when set by admin or via LDAP.
2015-04-06 13:27:19 +02:00
1502fed795
Faulty LDAP DN name escaping removed
...
The Net::LDAP::Filter.escape function can not be used to escape the DN name because the backslash is required to escape special chars in the DN name. This leads to the error message "Access denied for your LDAP account." and prevents the user from logging in to gitlab.
Example DN:
CN=Test\, User,OU=Organization,DC=Company
CN=Test User,OU=Organization,DC=Company
http://www.ietf.org/rfc/rfc4514.txt
2015-03-21 22:57:55 +01:00
8fed435208
Unblock user if they were unblocked in AD.
2015-03-13 22:34:11 +01:00
e7f4f0ae1d
Block user if he/she was blocked in Active Directory
2015-03-12 11:53:21 -07:00
757dca2b78
Escape wildcards when searching LDAP by username.
2015-03-06 13:39:57 +01:00
cc39bca3fa
Rubocop: Style/AlignHash enabled
2015-02-02 21:15:44 -08:00
ca701a9649
Improvements to LDAP::User model
...
* method #changed? also tracks changes of identites (fixes issue with email mapping)
* find ldap identity before initialize one
2015-01-29 13:28:41 -08:00
3a5ed5260b
Supporting for multiple omniauth provider for the same user
2014-12-04 13:03:55 +02:00
1a80d13a39
Multi-provider auth. LDAP is not reworked
2014-12-04 13:01:50 +02:00
472a6621e9
Fix LDAP config lookup for provider 'ldap'
2014-10-23 22:57:16 +02:00
6b2b20af41
Fix LDAP authentication for Git HTTP access
2014-10-23 14:21:58 +02:00
da21b9e7d0
Fix rake gitlab:ldap:check
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-21 18:26:40 +03:00
6ce65a3e95
Use Hash syntax for LDAP server declaration
2014-10-14 13:13:59 +02:00
ab04096c6c
Add explaining note to authentication method [skip ci]
2014-10-14 11:16:47 +02:00
18d2ee31e8
Use server specific uid
2014-10-14 10:54:43 +02:00
d3056feb11
Make sure the filters are applied
2014-10-14 10:08:47 +02:00
b229b0f003
Fix authorization for LDAP login
2014-10-14 09:40:35 +02:00
93505f7d04
DRY find method to find Gitlab user
2014-10-14 09:05:29 +02:00
410d6e306b
Remove unused method
2014-10-14 08:54:15 +02:00
01b791237c
Refactor lib files for multiple LDAP groups
2014-10-13 17:24:05 +02:00
d059f50d4c
Refactor OAuth refactorings to CE
2014-10-10 12:03:32 +02:00
f7aba277e7
Add option to gitlab config to specify if LDAP server is active directory.
2014-09-30 12:07:31 +02:00
b18d1c2786
Remove duplicated create method
2014-09-08 15:25:42 +02:00
11bb67c3c6
Test authenticate method for Gitlab::LDAP::User
2014-09-08 14:53:59 +02:00
5b86dab03b
Move auth hash to a seperate class
2014-09-04 12:55:10 +02:00
1bd15fa717
Use instance methods of LDAP::User as well
...
Still in need of some proper cleanup
2014-09-03 17:33:03 +02:00
62fc80642d
Refactor Oauth::User class to use instance methods
2014-09-03 15:59:50 +02:00
c0323b40ee
Refactor: beter naming for active directory disabled users
2014-09-01 16:35:18 +02:00
ca17e4b7ad
Remove duplicate method
2014-09-01 14:30:31 +02:00
14f5199cdc
Merge branch 'feature-ldap-tests' into 'master'
...
Feature ldap tests
Move specs to proper places. Relates to #154
This is already mergeable, will continue in a new branch for additions & refactorings.
See merge request !1053
2014-08-30 07:16:45 +00:00
0d5ae2802e
Move and rename ldap / oauth specs
2014-08-29 17:30:42 +02:00
614ca3ec65
Remove LDAP::Access#find_user
...
This method existed to allow LDAP users to take over existing GitLab
accounts if the part before the '@' of their LDAP email attribute
matched the username of an existing GitLab user. I propose to disable
this behavior in order to prevent unintended GitLab account takeovers.
After this change it is still possible to take over an existing GitLab
account with your LDAP credentials, as long as the GitLab account email
address matches the LDAP user email address.
2014-08-29 15:38:05 +02:00
669682686e
Move LDAP timeout code to Gitlab::LDAP::Access
2014-08-06 18:03:01 +02:00
bac7d17c7b
Fix LDAP TLS authentication
2014-06-19 10:41:23 +02:00
314e4736e4
Strip apostrophe from email generated usernames.
2014-06-11 17:06:28 +02:00
be1120e968
Improve ad_disabled method name
2014-05-14 19:13:06 +02:00
a966f72224
Document the Active Directory magic numbers
2014-05-14 19:08:42 +02:00
11dba4cee7
Fix syntax error in AD disabled user filter
2014-05-14 18:54:05 +02:00
a6e4153878
Check for the AD disabled flag in Access#allowed?
2014-05-14 18:32:40 +02:00
a754f0b220
Add LDAP::Person#ad_disabled?
...
Check the bit for disabled Active Directory users. The filter is based
on http://ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/ .
2014-05-14 18:26:58 +02:00
982d4d51e8
Backport Adapter#dn_matches_filter? from EE
2014-05-14 18:11:14 +02:00
f4bca105d1
Backport Adapter#ldap_search from EE
2014-05-14 18:10:43 +02:00
Douwe Maan
quodos
Dmitriy Zaporozhets
Jacob Vosmaer
Robert Speicher
Michael Alt
Valery Sizov
Jan-Willem van der Meer
Marin Jankovski
Boris HUISGEN
Marin Jankovski