Commit c915e2c8 authored by Douwe Maan's avatar Douwe Maan

Allow configuration of LDAP attributes GitLab will use for the new user account.

parent e0da2c35
...@@ -144,6 +144,21 @@ production: &base ...@@ -144,6 +144,21 @@ production: &base
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user' password: '_the_password_of_the_bind_user'
# LDAP attributes that GitLab will use to create an account for the LDAP user.
# Can be either the name of an attribute as a string (e.g. 'mail'),
# or an array of names of attributes to try in order (e.g. ['mail', 'email']).
# The default values are listed.
attributes:
# username: ['uid', 'userid', 'sAMAccountName']
# name: 'cn' # Also falls back to a combination of first_name and last_name, see below
# email: ['mail', 'email', 'userPrincipalName']
# If no full name could be found at the attribute specified for `name`,
# the full name is determined as `<first_name> <last_name>`, using the
# attributes specified below.
# first_name: 'givenName'
# last_name: 'sn'
# This setting specifies if LDAP server is Active Directory LDAP server. # This setting specifies if LDAP server is Active Directory LDAP server.
# For non AD servers it skips the AD specific queries. # For non AD servers it skips the AD specific queries.
# If your LDAP server is not AD, set this to false. # If your LDAP server is not AD, set this to false.
......
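Review bot: With every key under `attributes:` commented out, the example leaves `attributes:` without a value, which YAML loads as null rather than as an empty mapping. The code that reads this setting is not shown on this page, so confirm it falls back to the listed defaults when the value is nil, or ship the default keys uncommented. Because these attributes are used to create the GitLab account, the comment block could also carry a caveat such as `# Map username and email only to attributes that directory users cannot edit themselves.`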
# Class to parse and transform the info provided by omniauth
#
module Gitlab
module LDAP
class AuthHash < Gitlab::OAuth::AuthHash
attr_accessor :config
def initialize(auth_hash, config)
super(auth_hash)
@config = config
end
private
def get_info(key)
raw_key = config.attributes[key]
return super unless raw_key
value =
case raw_key
when String
get_raw(raw_key)
when Array
raw_key.inject(nil) { |value, key| value || get_raw(key).presence }
else
nil
end
return super unless value
Gitlab::Utils.force_utf8(value)
value
end
def get_raw(key)
auth_hash.extra[:raw_info][key]
end
end
end
end
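Review bot: In `get_info` the `String` branch returns `get_raw(raw_key)` unchanged while the `Array` branch applies `.presence`, so a single configured attribute that comes back blank is still truthy and never reaches the `return super unless value` fallback. If the raw LDAP entry returns a list of values rather than a string (not visible here), the same branch would pass an empty or multi-valued list on as the username or email. Using `get_raw(raw_key).presence`, or collapsing both branches into `Array(raw_key).inject(nil) { |found, attr| found || get_raw(attr).presence }`, makes the two cases agree and stops the block parameters from shadowing `value` and `key`. `get_raw` also dereferences `auth_hash.extra[:raw_info]` without a nil guard; a one-line comment stating that every LDAP auth hash is expected to carry `extra[:raw_info]` would document that assumption.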
...@@ -71,6 +71,10 @@ module Gitlab ...@@ -71,6 +71,10 @@ module Gitlab
def ldap_config def ldap_config
Gitlab::LDAP::Config.new(auth_hash.provider) Gitlab::LDAP::Config.new(auth_hash.provider)
end end
def auth_hash=(auth_hash)
@auth_hash = Gitlab::LDAP::AuthHash.new(auth_hash, ldap_config)
end
end end
end end
end end
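Review bot: The new `auth_hash=` calls `ldap_config` before `@auth_hash` is assigned, and `ldap_config` reads `auth_hash.provider` through the reader method, not through the setter's parameter. If the reader simply returns `@auth_hash` (it is defined outside this hunk), the first assignment would call `provider` on nil and LDAP sign-in would fail before any attribute mapping is applied. Building the config from the argument removes the ordering dependency: `@auth_hash = Gitlab::LDAP::AuthHash.new(auth_hash, Gitlab::LDAP::Config.new(auth_hash.provider))`. The enclosing class starts outside the hunk.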
...@@ -16,16 +16,6 @@ module Gitlab ...@@ -16,16 +16,6 @@ module Gitlab
@provider ||= Gitlab::Utils.force_utf8(auth_hash.provider.to_s) @provider ||= Gitlab::Utils.force_utf8(auth_hash.provider.to_s)
end end
def info
auth_hash.info
end
def get_info(key)
value = info.try(key)
Gitlab::Utils.force_utf8(value) if value
value
end
def name def name
@name ||= get_info(:name) || "#{get_info(:first_name)} #{get_info(:last_name)}" @name ||= get_info(:name) || "#{get_info(:first_name)} #{get_info(:last_name)}"
end end
...@@ -44,9 +34,21 @@ module Gitlab ...@@ -44,9 +34,21 @@ module Gitlab
private private
def info
auth_hash.info
end
def get_info(key)
key = :nickname if key == :username
value = info[key]
Gitlab::Utils.force_utf8(value) if value
value
end
def username_and_email def username_and_email
@username_and_email ||= begin @username_and_email ||= begin
username = get_info(:nickname) || get_info(:username) username = get_info(:username)
email = get_info(:email) email = get_info(:email)
username ||= generate_username(email) if email username ||= generate_username(email) if email
......
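Review bot: `get_info` now rewrites `:username` to `:nickname` unconditionally, so `username_and_email` no longer falls back to `info[:username]` when a provider fills only that key (reading the doubled line as old then new, the previous code was `get_info(:nickname) || get_info(:username)`). In that case the username would come from `generate_username(email)` instead, which may change the account name a sign-in resolves to. If the fallback is still wanted, `value = key == :username ? (info[:nickname] || info[:username]) : info[key]` keeps it. `info[key]` also loses the nil tolerance that `info.try(key)` had, so it is worth confirming `info` is always present. `username_and_email` continues past the end of the hunk.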
...@@ -3,11 +3,11 @@ require 'spec_helper' ...@@ -3,11 +3,11 @@ require 'spec_helper'
describe Gitlab::OAuth::AuthHash do describe Gitlab::OAuth::AuthHash do
let(:auth_hash) do let(:auth_hash) do
Gitlab::OAuth::AuthHash.new( Gitlab::OAuth::AuthHash.new(
double({ OmniAuth::AuthHash.new(
provider: provider_ascii, provider: provider_ascii,
uid: uid_ascii, uid: uid_ascii,
info: double(info_hash) info: info_hash
}) )
) )
end end
......
...@@ -5,7 +5,7 @@ describe Gitlab::OAuth::User do ...@@ -5,7 +5,7 @@ describe Gitlab::OAuth::User do
let(:gl_user) { oauth_user.gl_user } let(:gl_user) { oauth_user.gl_user }
let(:uid) { 'my-uid' } let(:uid) { 'my-uid' }
let(:provider) { 'my-provider' } let(:provider) { 'my-provider' }
let(:auth_hash) { double(uid: uid, provider: provider, info: double(info_hash)) } let(:auth_hash) { OmniAuth::AuthHash.new(uid: uid, provider: provider, info: info_hash) }
let(:info_hash) do let(:info_hash) do
{ {
nickname: '-john+gitlab-ETC%.git@gmail.com', nickname: '-john+gitlab-ETC%.git@gmail.com',
......