debian-mirror-gitlab/lib/gitlab/ldap/adapter.rb

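module Gitlab
  module LDAP
    # Wraps a Net::LDAP connection for one configured provider and exposes the
    # user lookups built on top of it.
    class Adapter
      attr_reader :provider, :ldap

      # Opens a connection through Net::LDAP.open, using the provider's adapter
      # options, and calls the block with an Adapter wrapping that connection.
      #
      # @param provider provider key handed to Gitlab::LDAP::Config.new
      # @yieldparam adapter [Gitlab::LDAP::Adapter]
      # @return the value returned by Net::LDAP.open
      def self.open(provider, &block)
        Net::LDAP.open(config(provider).adapter_options) do |ldap|
          block.call(new(provider, ldap))
        end
      end

      # Builds the configuration object for the given provider.
      #
      # @param provider provider key handed to Gitlab::LDAP::Config.new
      # @return [Gitlab::LDAP::Config]
      def self.config(provider)
        Gitlab::LDAP::Config.new(provider)
      end

      # @param provider provider key handed to Gitlab::LDAP::Config.new
      # @param ldap an existing connection to reuse; when nil a new Net::LDAP
      #   object is created from the provider's adapter options
      def initialize(provider, ldap = nil)
        @provider = provider
        @ldap = ldap || Net::LDAP.new(config.adapter_options)
      end

      # Configuration for this adapter's provider. A new Config object is built
      # on every call.
      #
      # @return [Gitlab::LDAP::Config]
      def config
        Gitlab::LDAP::Config.new(provider)
      end

      # Searches the directory for users whose given field(s) match `value`.
      #
      # Entries that do not respond to the configured uid attribute are dropped
      # before being wrapped.
      #
      # @param fields [String, Array<String>] attribute name(s) to match; 'dn'
      #   must be used on its own
      # @param value value to match (or the entry DN when searching by 'dn')
      # @param limit [Integer, nil] optional cap passed to the search as :size
      # @return [Array<Gitlab::LDAP::Person>]
      # @raise [ArgumentError] when no field is given, or when 'dn' is combined
      #   with other fields
      def users(fields, value, limit = nil)
        options = user_options(Array(fields), value, limit)
        # Looked up once: `config` builds a new Config object on every call.
        uid_attribute = config.uid

        ldap_search(options)
          .select { |entry| entry.respond_to?(uid_attribute) }
          .map { |entry| Gitlab::LDAP::Person.new(entry, provider) }
      end

      # Same arguments as #users, but returns only the first match.
      #
      # @return [Gitlab::LDAP::Person, nil]
      def user(*args)
        users(*args).first
      end

      # Checks whether the entry at `dn` satisfies `filter`, using a
      # base-object search that only requests the dn attribute.
      #
      # A failed or timed-out search is reported by #ldap_search as an empty
      # result, so this method returns false in that case as well.
      #
      # @param dn DN used as the search base
      # @param filter filter passed through to the search unchanged
      # @return [Boolean]
      def dn_matches_filter?(dn, filter)
        ldap_search(
          base: dn,
          filter: filter,
          scope: Net::LDAP::SearchScope_BaseObject,
          attributes: %w[dn]
        ).any?
      end

      # Runs `ldap.search` with the given arguments under the configured
      # timeout.
      #
      # A nil result, a Net::LDAP::Error and a timeout are all logged and turned
      # into an empty array, so the return value alone does not tell callers
      # whether the directory answered "no match" or could not be queried.
      # NOTE(review): callers that base an access decision on an empty result
      # should take that into account.
      #
      # @return [Array] the search results, or [] on failure
      def ldap_search(*args)
        # Net::LDAP's `time` argument doesn't work. Use Ruby `Timeout` instead.
        Timeout.timeout(config.timeout) do
          results = ldap.search(*args)
          next results unless results.nil?

          # A nil result means the search did not complete normally; log the
          # server's message unless the operation result code is zero.
          response = ldap.get_operation_result
          unless response.code.zero?
            Rails.logger.warn("LDAP search error: #{response.message}")
          end

          []
        end
      rescue Net::LDAP::Error => error
        Rails.logger.warn("LDAP search raised exception #{error.class}: #{error.message}")
        []
      rescue Timeout::Error
        Rails.logger.warn("LDAP search timed out after #{config.timeout} seconds")
        []
      end

      private

      # Builds the option hash for a user search.
      #
      # @param fields [Array<String>] attribute names to match
      # @param value value to match, or the DN to read when fields is ['dn']
      # @param limit [Integer, nil] optional :size for the search
      # @return [Hash] options for #ldap_search
      # @raise [ArgumentError] when fields is empty, or when 'dn' is combined
      #   with other fields
      def user_options(fields, value, limit)
        # Without any field no equality filter is built below, and the search
        # would be limited only by the configured user filter (if any); #user
        # would then return whichever entry comes back first.
        raise ArgumentError, 'At least one field is required to search for LDAP users.' if fields.empty?

        options = {
          attributes: Gitlab::LDAP::Person.ldap_attributes(config),
          base: config.base
        }
        options[:size] = limit if limit

        if fields.include?('dn')
          raise ArgumentError, 'It is not currently possible to search the DN and other fields at the same time.' if fields.size > 1

          # A DN lookup reads exactly that entry: the DN becomes the search
          # base and the scope is restricted to the base object.
          options[:base] = value
          options[:scope] = Net::LDAP::SearchScope_BaseObject
        else
          # Net::LDAP::Filter.eq does not escape `value`; a `*` in it acts as a
          # wildcard. NOTE(review): values that originate from user input need
          # to be escaped by the caller (e.g. Net::LDAP::Filter.escape) —
          # confirm that every caller does so.
          filter = fields.map { |field| Net::LDAP::Filter.eq(field, value) }.inject(:|)
        end

        options.merge(filter: user_filter(filter))
      end

      # Combines the search filter with the provider's configured user filter.
      #
      # @param filter filter built for the current search, or nil
      # @return the joined filter when both are present, otherwise whichever
      #   one is set (nil when neither is)
      def user_filter(filter = nil)
        configured = config.constructed_user_filter if config.user_filter.present?

        return filter unless configured
        return configured unless filter

        Net::LDAP::Filter.join(filter, configured)
      end
    end
  end
end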