1502fed795
Faulty LDAP DN name escaping removed
...
The Net::LDAP::Filter.escape function can not be used to escape the DN name because the backslash is required to escape special chars in the DN name. This leads to the error message "Access denied for your LDAP account." and prevents the user from logging in to gitlab.
Example DN:
CN=Test\, User,OU=Organization,DC=Company
CN=Test User,OU=Organization,DC=Company
http://www.ietf.org/rfc/rfc4514.txt
2015-03-21 22:57:55 +01:00
8fed435208
Unblock user if they were unblocked in AD.
2015-03-13 22:34:11 +01:00
e7f4f0ae1d
Block user if he/she was blocked in Active Directory
2015-03-12 11:53:21 -07:00
757dca2b78
Escape wildcards when searching LDAP by username.
2015-03-06 13:39:57 +01:00
cc39bca3fa
Rubocop: Style/AlignHash enabled
2015-02-02 21:15:44 -08:00
ca701a9649
Improvements to LDAP::User model
...
* method #changed? also tracks changes of identites (fixes issue with email mapping)
* find ldap identity before initialize one
2015-01-29 13:28:41 -08:00
3a5ed5260b
Supporting for multiple omniauth provider for the same user
2014-12-04 13:03:55 +02:00
1a80d13a39
Multi-provider auth. LDAP is not reworked
2014-12-04 13:01:50 +02:00
472a6621e9
Fix LDAP config lookup for provider 'ldap'
2014-10-23 22:57:16 +02:00
6b2b20af41
Fix LDAP authentication for Git HTTP access
2014-10-23 14:21:58 +02:00
da21b9e7d0
Fix rake gitlab:ldap:check
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-10-21 18:26:40 +03:00
6ce65a3e95
Use Hash syntax for LDAP server declaration
2014-10-14 13:13:59 +02:00
ab04096c6c
Add explaining note to authentication method [skip ci]
2014-10-14 11:16:47 +02:00
18d2ee31e8
Use server specific uid
2014-10-14 10:54:43 +02:00
d3056feb11
Make sure the filters are applied
2014-10-14 10:08:47 +02:00
b229b0f003
Fix authorization for LDAP login
2014-10-14 09:40:35 +02:00
93505f7d04
DRY find method to find Gitlab user
2014-10-14 09:05:29 +02:00
410d6e306b
Remove unused method
2014-10-14 08:54:15 +02:00
01b791237c
Refactor lib files for multiple LDAP groups
2014-10-13 17:24:05 +02:00
d059f50d4c
Refactor OAuth refactorings to CE
2014-10-10 12:03:32 +02:00
f7aba277e7
Add option to gitlab config to specify if LDAP server is active directory.
2014-09-30 12:07:31 +02:00
b18d1c2786
Remove duplicated create method
2014-09-08 15:25:42 +02:00
11bb67c3c6
Test authenticate method for Gitlab::LDAP::User
2014-09-08 14:53:59 +02:00
5b86dab03b
Move auth hash to a seperate class
2014-09-04 12:55:10 +02:00
1bd15fa717
Use instance methods of LDAP::User as well
...
Still in need of some proper cleanup
2014-09-03 17:33:03 +02:00
62fc80642d
Refactor Oauth::User class to use instance methods
2014-09-03 15:59:50 +02:00
c0323b40ee
Refactor: beter naming for active directory disabled users
2014-09-01 16:35:18 +02:00
ca17e4b7ad
Remove duplicate method
2014-09-01 14:30:31 +02:00
14f5199cdc
Merge branch 'feature-ldap-tests' into 'master'
...
Feature ldap tests
Move specs to proper places. Relates to #154
This is already mergeable, will continue in a new branch for additions & refactorings.
See merge request !1053
2014-08-30 07:16:45 +00:00
0d5ae2802e
Move and rename ldap / oauth specs
2014-08-29 17:30:42 +02:00
614ca3ec65
Remove LDAP::Access#find_user
...
This method existed to allow LDAP users to take over existing GitLab
accounts if the part before the '@' of their LDAP email attribute
matched the username of an existing GitLab user. I propose to disable
this behavior in order to prevent unintended GitLab account takeovers.
After this change it is still possible to take over an existing GitLab
account with your LDAP credentials, as long as the GitLab account email
address matches the LDAP user email address.
2014-08-29 15:38:05 +02:00
669682686e
Move LDAP timeout code to Gitlab::LDAP::Access
2014-08-06 18:03:01 +02:00
bac7d17c7b
Fix LDAP TLS authentication
2014-06-19 10:41:23 +02:00
314e4736e4
Strip apostrophe from email generated usernames.
2014-06-11 17:06:28 +02:00
be1120e968
Improve ad_disabled method name
2014-05-14 19:13:06 +02:00
a966f72224
Document the Active Directory magic numbers
2014-05-14 19:08:42 +02:00
11dba4cee7
Fix syntax error in AD disabled user filter
2014-05-14 18:54:05 +02:00
a6e4153878
Check for the AD disabled flag in Access#allowed?
2014-05-14 18:32:40 +02:00
a754f0b220
Add LDAP::Person#ad_disabled?
...
Check the bit for disabled Active Directory users. The filter is based
on http://ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/ .
2014-05-14 18:26:58 +02:00
982d4d51e8
Backport Adapter#dn_matches_filter? from EE
2014-05-14 18:11:14 +02:00
f4bca105d1
Backport Adapter#ldap_search from EE
2014-05-14 18:10:43 +02:00
de794b6a77
Add scoping to ldap lookup when only dn given
2014-04-23 21:00:56 -06:00
fdeacf0ad1
Merge pull request #6317 from jirutka/fix-ldap-dn-case
...
Fix searching by extern_uid for LDAP to be case-insensitive
2014-03-29 14:08:31 +02:00
2e6b537018
Use omniauth nickname as the username for LDAP
...
Before there was a bug in omniauth-ldap which prevented samaccountname
showing up as a possible username for new LDAP users. Thanks to upstream
fixes, we no longer need to work around this bug.
2014-03-28 13:57:52 +01:00
56df3dbff2
Add Gitlab::LDAP::Access.open
...
This new method wraps Gitlab::LDAP::Adapter.open to enable connection
reuse.
2014-03-14 08:55:50 +01:00
af53aa9072
Add Gitlab::LDAP::Adapter.open
...
This new method is based on Net::LDAP.open, which reuses a single LDAP
connection.
2014-03-14 08:53:46 +01:00
5a616649b5
Allow passing an adapter to Gitlab::LDAP::Person
2014-03-14 08:52:57 +01:00
0fdab6a747
Remove copyright
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-10 17:09:45 +02:00
daa7f077db
Port LDAP code from EE
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-03-10 14:48:08 +02:00
91e7692b66
Fix searching by extern_uid for LDAP to be case-insensitive
2014-02-18 19:38:22 +01:00
a3f645ef51
Remove deprecated finders
2014-01-19 23:39:56 +04:00
71e92681f2
We welcome everyone to contribute.
2013-12-01 11:53:00 +01:00
bc8a875df1
When looking up a user by DN, use single scope
...
The blocked? method is used to check whether a user exists in LDAP. Prior to this change, if the LDAP server had more objects below the one pointed to by the DN, those objects would also be picked up by the search, causing the method to determine the user should be blocked.
One case where this can happen is when using Active Directory and a user have a mobile phone assigned. In this case, Exchange will add an entry called ExchangeActiveSyncDevices under the users entry. The user-visible behaviour is then that a user loses Gitlab access when he enables a mobile device.
This fix sets the search scope to BaseObject in order to ensure that only the user itself is returned.
2013-11-03 21:51:10 +08:00
baa65e89b9
Check if LDAP user was removed or blocked when use git over ssh
2013-10-07 16:06:30 +03:00
8a8123a3d4
Update for readability
...
fixed a test a broke in the configurable theme PR
Change-Id: Id894506941bc01ab0d259d48ca7ff9b80bb2c57e
2013-09-22 20:56:17 -04:00
4fcc17e667
Allows username only updates to ldap properties
...
-when logging in if users are allowed to login with just usernames in ldap we will update uid of the user if their uid is out of date
Conflicts:
spec/lib/auth_spec.rb
Change-Id: Ia171b3d5133da86edc18c0d08ecfaf6a174f2574
2013-09-22 20:25:47 -04:00
0df1cf7fcc
Inherit Gitlab::LDAP::User from Gitlab::OAuth::User
2013-09-04 00:06:13 +03:00
71abf70458
Move ldap auth to LDAP::User. Removed unused code
2013-09-02 23:50:45 +03:00
6bf117c601
Mode User+LDAP functionality from Gitlab::Auth
2013-09-02 23:35:40 +03:00
Michael Alt
Douwe Maan
Dmitriy Zaporozhets
Valery Sizov
Jacob Vosmaer
Jan-Willem van der Meer
Marin Jankovski
Boris HUISGEN
Marin Jankovski
Ben Bytheway
Jakub Jirutka
skv
Sytse Sijbrandij
Elias Mårtenson
Izaak Alpert