Merge branch 'ldap_check' of /home/git/repositories/gitlab/gitlabhq

Dmitriy Zaporozhets
2 parents 4f067ae9 80302a0f
Showing 2 changed files with 41 additions and 0 deletions Show diff stats
config/gitlab.yml.example
lib/tasks/gitlab/check.rake
@@ -114,6 +114,8 @@ production: &amp;base
   # ==========================
   ## LDAP settings
+  # You can inspect the first 100 LDAP users with login access by running:
+  #   bundle exec rake gitlab:ldap:check[100] RAILS_ENV=production
   ldap:
     enabled: false
     host: '_your_ldap_server'
@@ -3,6 +3,7 @@ namespace :gitlab do
   task check: %w{gitlab:env:check
                  gitlab:gitlab_shell:check
                  gitlab:sidekiq:check
+                 gitlab:ldap:check
                  gitlab:app:check}
@@ -679,6 +680,44 @@ namespace :gitlab do
     end
   end
+  namespace :ldap do
+    task :check, [:limit] => :environment do |t, args|
+      args.with_defaults(limit: 100)
+      warn_user_is_not_gitlab
+      start_checking "LDAP"
+
+      if ldap_config.enabled
+        print_users(args.limit)
+      else
+        puts 'LDAP is disabled in config/gitlab.yml'
+      end
+
+      finished_checking "LDAP"
+    end
+
+    def print_users(limit)
+      puts "LDAP users with access to your GitLab server (limit: #{limit}):"
+      ldap.search(attributes: attributes, filter: filter, size: limit, return_result: false) do |entry|
+        puts "DN: #{entry.dn}\t#{ldap_config.uid}: #{entry[ldap_config.uid]}"
+      end
+    end
+
+    def attributes
+      [ldap_config.uid]
+    end
+
+    def filter
+      Net::LDAP::Filter.present?(ldap_config.uid)
+    end
+
+    def ldap
+      @ldap ||= OmniAuth::LDAP::Adaptor.new(ldap_config).connection
+    end
+
+    def ldap_config
+      @ldap_config ||= Gitlab.config.ldap
+    end
+  end
   # Helper methods
   ##########################
	@@ -3,6 +3,7 @@ namespace :gitlab do		@@ -3,6 +3,7 @@ namespace :gitlab do
3	task check: %w{gitlab:env:check	3	task check: %w{gitlab:env:check
4	gitlab:gitlab_shell:check	4	gitlab:gitlab_shell:check
5	gitlab:sidekiq:check	5	gitlab:sidekiq:check
		6	+ gitlab:ldap:check
6	gitlab:app:check}	7	gitlab:app:check}
7		8
8		9
	@@ -679,6 +680,44 @@ namespace :gitlab do		@@ -679,6 +680,44 @@ namespace :gitlab do
679	end	680	end
680	end	681	end
681		682
		683	+ namespace :ldap do
		684	+ task :check, [:limit] => :environment do \|t, args\|
		685	+ args.with_defaults(limit: 100)
		686	+ warn_user_is_not_gitlab
		687	+ start_checking "LDAP"
		688	+
		689	+ if ldap_config.enabled
		690	+ print_users(args.limit)
		691	+ else
		692	+ puts 'LDAP is disabled in config/gitlab.yml'
		693	+ end
		694	+
		695	+ finished_checking "LDAP"
		696	+ end
		697	+
		698	+ def print_users(limit)
		699	+ puts "LDAP users with access to your GitLab server (limit: #{limit}):"
		700	+ ldap.search(attributes: attributes, filter: filter, size: limit, return_result: false) do \|entry\|
		701	+ puts "DN: #{entry.dn}\t#{ldap_config.uid}: #{entry[ldap_config.uid]}"
		702	+ end
		703	+ end
		704	+
		705	+ def attributes
		706	+ [ldap_config.uid]
		707	+ end
		708	+
		709	+ def filter
		710	+ Net::LDAP::Filter.present?(ldap_config.uid)
		711	+ end
		712	+
		713	+ def ldap
		714	+ @ldap \|\|= OmniAuth::LDAP::Adaptor.new(ldap_config).connection
		715	+ end
		716	+
		717	+ def ldap_config
		718	+ @ldap_config \|\|= Gitlab.config.ldap
		719	+ end
		720	+ end
682		721
683	# Helper methods	722	# Helper methods
684	##########################	723	##########################