Commit 07437ac3d436d427e4e8554f685f09a17d31e171

Authored by Dmitriy Zaporozhets
2 parents db10e6aa baa65e89

Merge branch 'feature/ssh_ldap_check' of /home/git/repositories/gitlab/gitlabhq

Showing 2 changed files with 11 additions and 0 deletions   Show diff stats
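--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -35,6 +35,7 @@ module API
 user = key.user
 
 return false if user.blocked?
+return false if user.ldap_user? && Gitlab::LDAP::User.blocked?(user.extern_uid)
 
 action = case git_cmd
 when *DOWNLOAD_COMMANDS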
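Review bot: The added guard on new line 38 makes a live LDAP query on every SSH access check, and nothing in this hunk handles the lookup raising or timing out, so a directory outage would likely surface as an error on this endpoint for every LDAP-backed key. That fails closed, which is the safe direction, but it should be an explicit decision: I would add a comment such as `# LDAP is queried on every SSH request; if the directory is unreachable access is denied, never granted` and log the denial so it can be told apart from a locally blocked user. `user.extern_uid` is passed without a presence check; presumably it is always set when `ldap_user?` is true, but that is worth confirming because a blank search base changes what the lookup matches. The enclosing method starts and ends outside the hunk.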
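--- a/lib/gitlab/ldap/user.rb
+++ b/lib/gitlab/ldap/user.rb
@@ -71,6 +71,16 @@ module Gitlab
 find_by_uid(ldap_user.dn) if ldap_user
 end
 
+# Check LDAP user existance by dn. User in git over ssh check
+#
+# It covers 2 cases:
+# * when ldap account was removed
+# * when ldap account was deactivated by change of OU membership in 'dn'
+def blocked?(dn)
+ldap = OmniAuth::LDAP::Adaptor.new(ldap_conf)
+ldap.connection.search(base: dn, size: 1).blank?
+end
+
 private
 
 def find_by_uid(uid)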
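Review bot: `blocked?` on new lines 79-82 only tests whether a search based at `dn` returns anything, so an account that is disabled in place (same DN, directory-side disable flag set) still passes; the doc comment should say so, e.g. `# NOTE: does not detect accounts disabled without being moved or deleted`. The search also sets no explicit scope, so it is presumably a subtree search and any entry below `dn` would count as the user existing; `ldap.connection.search(base: dn, scope: Net::LDAP::SearchScope_BaseObject, size: 1).blank?` limits it to the entry itself. Finally, `.blank?` treats a failed search (bind error, timeout, insufficient rights) the same as a missing entry, assuming the connection returns nil in those cases; that fails closed, but checking the operation result and logging it would keep a directory outage from looking like mass deprovisioning.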