BigW Consortium Gitlab

adapter.rb 2.72 KB
Newer Older
1 2 3
module Gitlab
  module LDAP
    class Adapter
4
      attr_reader :provider, :ldap
5

6 7 8
      def self.open(provider, &block)
        Net::LDAP.open(config(provider).adapter_options) do |ldap|
          block.call(self.new(provider, ldap))
9 10 11
        end
      end

12 13
      def self.config(provider)
        Gitlab::LDAP::Config.new(provider)
14 15
      end

16
      def initialize(provider, ldap = nil)
17 18
        @provider = provider
        @ldap = ldap || Net::LDAP.new(config.adapter_options)
19 20
      end

21 22
      def config
        Gitlab::LDAP::Config.new(provider)
23 24
      end

25
      def users(field, value, limit = nil)
26
        options = user_options(field, value, limit)
27

28
        entries = ldap_search(options).select do |entry|
29 30 31 32
          entry.respond_to? config.uid
        end

        entries.map do |entry|
33
          Gitlab::LDAP::Person.new(entry, provider)
34 35 36 37 38 39 40
        end
      end

      def user(*args)
        users(*args).first
      end

41
      def dn_matches_filter?(dn, filter)
42 43 44 45
        ldap_search(base: dn,
                    filter: filter,
                    scope: Net::LDAP::SearchScope_BaseObject,
                    attributes: %w{dn}).any?
46 47
      end

48
      def ldap_search(*args)
49 50 51
        # Net::LDAP's `time` argument doesn't work. Use Ruby `Timeout` instead.
        Timeout.timeout(config.timeout) do
          results = ldap.search(*args)
52

53 54
          if results.nil?
            response = ldap.get_operation_result
55

56 57 58
            unless response.code.zero?
              Rails.logger.warn("LDAP search error: #{response.message}")
            end
59

60 61 62 63
            []
          else
            results
          end
64
        end
65 66 67
      rescue Net::LDAP::Error => error
        Rails.logger.warn("LDAP search raised exception #{error.class}: #{error.message}")
        []
68 69 70
      rescue Timeout::Error
        Rails.logger.warn("LDAP search timed out after #{config.timeout} seconds")
        []
71
      end
72 73 74 75

      private

      def user_options(field, value, limit)
76
        options = { attributes: user_attributes }
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
        options[:size] = limit if limit

        if field.to_sym == :dn
          options[:base] = value
          options[:scope] = Net::LDAP::SearchScope_BaseObject
          options[:filter] = user_filter
        else
          options[:base] = config.base
          options[:filter] = user_filter(Net::LDAP::Filter.eq(field, value))
        end

        options
      end

      def user_filter(filter = nil)
92
        user_filter = config.constructed_user_filter if config.user_filter.present?
93 94 95 96 97 98 99 100 101

        if user_filter && filter
          Net::LDAP::Filter.join(filter, user_filter)
        elsif user_filter
          user_filter
        else
          filter
        end
      end
102 103 104 105

      def user_attributes
        %W(#{config.uid} cn mail dn)
      end
106 107 108
    end
  end
end