Commit 67aa0b8c authored Dec 31, 2015 by Drew Blessing

Optimize LDAP and add a search timeout

parent a9800ce4
Showing 7 changed files with 37 additions and 11 deletions

CHANGELOG +1 -0
config/gitlab.yml.example +5 -0
config/initializers/1_settings.rb +1 -0
doc/integration/ldap.md +5 -0
lib/gitlab/ldap/access.rb +6 -2
lib/gitlab/ldap/adapter.rb +15 -9
lib/gitlab/ldap/config.rb +4 -0
CHANGELOG
...
@@ -37,6 +37,7 @@ v 8.4.0 (unreleased)
...
@@ -37,6 +37,7 @@ v 8.4.0 (unreleased)
v 8.3.3 (unreleased)
v 8.3.3 (unreleased)
- Preserve CE behavior with JIRA integration by only calling API if URL is set
- Preserve CE behavior with JIRA integration by only calling API if URL is set
- Fix duplicated branch creation/deletion events when using Web UI (Stan Hu)
- Fix duplicated branch creation/deletion events when using Web UI (Stan Hu)
- Add configurable LDAP server query timeout
- Get "Merge when build succeeds" to work when commits were pushed to MR target branch while builds were running
- Get "Merge when build succeeds" to work when commits were pushed to MR target branch while builds were running
- Suppress e-mails on failed builds if allow_failure is set (Stan Hu)
- Suppress e-mails on failed builds if allow_failure is set (Stan Hu)
- Fix project transfer e-mail sending incorrect paths in e-mail notification (Stan Hu)
- Fix project transfer e-mail sending incorrect paths in e-mail notification (Stan Hu)
...
...
config/gitlab.yml.example
...
@@ -204,6 +204,11 @@ production: &base
...
@@ -204,6 +204,11 @@ production: &base
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
password: '_the_password_of_the_bind_user'
# Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
# a request if the LDAP server becomes unresponsive.
# A value of 0 means there is no timeout.
timeout: 10
# This setting specifies if LDAP server is Active Directory LDAP server.
# This setting specifies if LDAP server is Active Directory LDAP server.
# For non AD servers it skips the AD specific queries.
# For non AD servers it skips the AD specific queries.
# If your LDAP server is not AD, set this to false.
# If your LDAP server is not AD, set this to false.
...
...
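Review bot: The new comment above `timeout: 10` says what the setting is for but not what an administrator will see when the limit is hit. The adapter change in this commit logs a warning and returns an empty result on timeout, so the comment should state that a timed-out query is treated as returning no entries and is reported in the Rails log.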
config/initializers/1_settings.rb
...
@@ -108,6 +108,7 @@ if Settings.ldap['enabled'] || Rails.env.test?
...
@@ -108,6 +108,7 @@ if Settings.ldap['enabled'] || Rails.env.test?
Settings
.
ldap
[
'servers'
].
each
do
|
key
,
server
|
Settings
.
ldap
[
'servers'
].
each
do
|
key
,
server
|
server
[
'label'
]
||=
'LDAP'
server
[
'label'
]
||=
'LDAP'
server
[
'timeout'
]
||=
10
.
seconds
server
[
'block_auto_created_users'
]
=
false
if
server
[
'block_auto_created_users'
].
nil?
server
[
'block_auto_created_users'
]
=
false
if
server
[
'block_auto_created_users'
].
nil?
server
[
'allow_username_or_email_login'
]
=
false
if
server
[
'allow_username_or_email_login'
].
nil?
server
[
'allow_username_or_email_login'
]
=
false
if
server
[
'allow_username_or_email_login'
].
nil?
server
[
'active_directory'
]
=
true
if
server
[
'active_directory'
].
nil?
server
[
'active_directory'
]
=
true
if
server
[
'active_directory'
].
nil?
...
...
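Review bot: The default on the added line, `server['timeout'] ||= 10.seconds`, is an ActiveSupport duration while gitlab.yml.example and the docs use a plain integer, so the setting has two types depending on whether it was configured. `Config#timeout` hides this with `to_i`, but a plain `10` here would be simpler. Also, `||=` only fills in a missing value, so nothing checks what the administrator supplied (negative or non-numeric values pass through); this loop is a natural place to validate it.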
doc/integration/ldap.md
...
@@ -48,6 +48,11 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server
...
@@ -48,6 +48,11 @@ main: # 'main' is the GitLab 'provider ID' of this LDAP server
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
password: '_the_password_of_the_bind_user'
# Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
# a request if the LDAP server becomes unresponsive.
# A value of 0 means there is no timeout.
timeout: 10
# This setting specifies if LDAP server is Active Directory LDAP server.
# This setting specifies if LDAP server is Active Directory LDAP server.
# For non AD servers it skips the AD specific queries.
# For non AD servers it skips the AD specific queries.
# If your LDAP server is not AD, set this to false.
# If your LDAP server is not AD, set this to false.
...
...
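Review bot: The added comment describes `timeout` as a limit on LDAP queries, but in adapter.rb the `Timeout.timeout` block wraps each `ldap_search` call, so the limit is per search and not per web request. A request that performs several searches can still block for a multiple of this value. The documentation should say so, and should point out that `0` restores the unbounded blocking this option is meant to prevent.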
lib/gitlab/ldap/access.rb
...
@@ -5,7 +5,7 @@
...
@@ -5,7 +5,7 @@
module
Gitlab
module
Gitlab
module
LDAP
module
LDAP
class
Access
class
Access
attr_reader
:
adapter
,
:
provider
,
:user
attr_reader
:provider
,
:user
def
self
.
open
(
user
,
&
block
)
def
self
.
open
(
user
,
&
block
)
Gitlab
::
LDAP
::
Adapter
.
open
(
user
.
ldap_identity
.
provider
)
do
|
adapter
|
Gitlab
::
LDAP
::
Adapter
.
open
(
user
.
ldap_identity
.
provider
)
do
|
adapter
|
...
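Review bot: `:adapter` is dropped from the `attr_reader` line, but the `ldap_user` method added further down in this file still calls `adapter`, and no other definition of `adapter` is visible in the hunks shown. Please confirm the class defines its own `adapter` method outside these hunks. If it does, a line in the commit message saying the reader was redundant would explain this change.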
@@ -32,7 +32,7 @@ module Gitlab
...
@@ -32,7 +32,7 @@ module Gitlab
end
end
def
allowed?
def
allowed?
if
Gitlab
::
LDAP
::
Person
.
find_by_dn
(
user
.
ldap_identity
.
extern_uid
,
adapter
)
if
ldap_user
return
true
unless
ldap_config
.
active_directory
return
true
unless
ldap_config
.
active_directory
# Block user in GitLab if he/she was blocked in AD
# Block user in GitLab if he/she was blocked in AD
...
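Review bot: `if ldap_user` in `allowed?` is now the gate for an access decision, and with the timeout added in adapter.rb a slow directory yields an empty result rather than an error (assuming `Person.find_by_dn` goes through `ldap_search`). The branch taken when `ldap_user` is falsy lies outside this hunk; if it blocks or denies the user, a transient LDAP timeout will be handled as though the account had been removed from the directory. Distinguish "lookup failed" from "user not found" before acting on the result.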
@@ -59,6 +59,10 @@ module Gitlab
...
@@ -59,6 +59,10 @@ module Gitlab
def
ldap_config
def
ldap_config
Gitlab
::
LDAP
::
Config
.
new
(
provider
)
Gitlab
::
LDAP
::
Config
.
new
(
provider
)
end
end
def
ldap_user
@ldap_user
||=
Gitlab
::
LDAP
::
Person
.
find_by_dn
(
user
.
ldap_identity
.
extern_uid
,
adapter
)
end
end
end
end
end
end
end
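Review bot: `@ldap_user ||= ...` in the new `ldap_user` method does not memoize a miss: when `find_by_dn` returns nil, every later call repeats the LDAP query, and each repeat can now wait for the full timeout. If caching the negative result is intended, guard with `defined?(@ldap_user)` instead of `||=`. A short comment should also note that the cached person lives as long as the `Access` instance, so the instance should not outlive a single check.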
lib/gitlab/ldap/adapter.rb
...
@@ -70,6 +70,8 @@ module Gitlab
...
@@ -70,6 +70,8 @@ module Gitlab
end
end
def
ldap_search
(
*
args
)
def
ldap_search
(
*
args
)
# Net::LDAP's `time` argument doesn't work. Use Ruby `Timeout` instead.
Timeout
.
timeout
(
config
.
timeout
)
do
results
=
ldap
.
search
(
*
args
)
results
=
ldap
.
search
(
*
args
)
if
results
.
nil?
if
results
.
nil?
...
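Review bot: Wrapping `ldap.search(*args)` in `Timeout.timeout(config.timeout)` interrupts the call by raising inside it at an arbitrary point, which can leave the `ldap` connection with a partially read response. The adapter is handed to a block by `Adapter.open` and may be reused for further searches, so after a timeout the connection should be discarded or reopened rather than reused. The comment that Net::LDAP's `time` argument "doesn't work" would be more useful with a reference to the upstream issue or the version tested.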
@@ -84,6 +86,10 @@ module Gitlab
...
@@ -84,6 +86,10 @@ module Gitlab
results
results
end
end
end
end
rescue
Timeout
::
Error
Rails
.
logger
.
warn
(
"LDAP search timed out after
#{
config
.
timeout
}
seconds"
)
[]
end
end
end
end
end
end
end
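Review bot: The `rescue Timeout::Error` branch returns `[]`, which no caller can tell apart from a search that matched nothing. Consider raising a dedicated error, or returning a value callers can test, so that authentication and access checks can fail in a deliberate way. The warning "LDAP search timed out after #{config.timeout} seconds" also omits the provider, which makes it hard to tell which server is slow when several are configured.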
lib/gitlab/ldap/config.rb
...
@@ -88,6 +88,10 @@ module Gitlab
...
@@ -88,6 +88,10 @@ module Gitlab
options
[
'attributes'
]
options
[
'attributes'
]
end
end
def
timeout
options
[
'timeout'
].
to_i
end
protected
protected
def
base_config
def
base_config
Gitlab
.
config
.
ldap
Gitlab
.
config
.
ldap
...
...
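Review bot: `options['timeout'].to_i` in the new `timeout` method maps nil and any non-numeric string to 0, and the documentation added in this commit defines 0 as "no timeout", so a typo in gitlab.yml silently disables the protection. Negative values pass through unchanged. Validate the value here and fall back to the default of 10, or raise at boot, when it is not a non-negative integer.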