From 6b09fd1b39f9ad54276755ecc6123c83c068be0e Mon Sep 17 00:00:00 2001 From: Lars Seipel Date: Wed, 20 Sep 2017 01:50:21 +0200 Subject: [PATCH] Allow for configuration of LDAP group filter Fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/334 --- ee/lib/ee/gitlab/ldap/adapter.rb | 14 +++++++++++++- lib/gitlab/ldap/config.rb | 8 ++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/ee/lib/ee/gitlab/ldap/adapter.rb b/ee/lib/ee/gitlab/ldap/adapter.rb index 8dd61dea4fa6cf..26e1c090c2050f 100644 --- a/ee/lib/ee/gitlab/ldap/adapter.rb +++ b/ee/lib/ee/gitlab/ldap/adapter.rb @@ -16,7 +16,7 @@ module Adapter def groups(cn = "*", size = nil) options = { base: config.group_base, - filter: Net::LDAP::Filter.eq("cn", cn), + filter: group_filter(Net::LDAP::Filter.eq("cn", cn)), attributes: %w(dn cn memberuid member submember uniquemember memberof) } @@ -52,6 +52,18 @@ def nested_groups(parent_dn) LDAP::Group.new(entry, self) end end + + def group_filter(filter = nil) + group_filter = config.constructed_group_filter if config.group_filter.present? + + if group_filter && filter + Net::LDAP::Filter.join(filter, group_filter) + elsif group_filter + group_filter + else + filter + end + end end end end diff --git a/lib/gitlab/ldap/config.rb b/lib/gitlab/ldap/config.rb index b2ad21ac566ff2..eb627d13604b25 100644 --- a/lib/gitlab/ldap/config.rb +++ b/lib/gitlab/ldap/config.rb @@ -125,6 +125,14 @@ def admin_group options['admin_group'] end + def group_filter + options['group_filter'] + end + + def constructed_group_filter + @constructed_group_filter ||= Net::LDAP::Filter.construct(group_filter) + end + def active_directory options['active_directory'] end -- GitLab