author | Michael Kozono <mkozono@gmail.com> | 2018-11-27 16:08:31 -0800 |
---|---|---|
committer | Michael Kozono <mkozono@gmail.com> | 2018-12-03 13:51:46 -0800 |
commit | 6855e6b5864abcf01689720424a4bea4c3b9fec2 (patch) | |
tree | 627226eee254d76b41d16cfd99f07be3f7c3f6b5 /lib/system_check/ldap_check.rb | |
parent | c3c25174e3397ca3f301b539477e6568c676d264 (diff) | |
download | gitlab-ce-6855e6b5864abcf01689720424a4bea4c3b9fec2.tar.gz |
Extract system check rake task logic
These changes make the code more reusable, testable, and most
importantly, overrideable.
Diffstat (limited to 'lib/system_check/ldap_check.rb')
-rw-r--r-- | lib/system_check/ldap_check.rb | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/lib/system_check/ldap_check.rb b/lib/system_check/ldap_check.rb
new file mode 100644
index 00000000000..619fb3cccb8
--- /dev/null
+++ b/lib/system_check/ldap_check.rb
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module SystemCheck
+ # Used by gitlab:ldap:check rake task
+ class LdapCheck < BaseCheck
+ set_name 'LDAP:'
+
+ def multi_check
+ if Gitlab::Auth::LDAP::Config.enabled?
+ # Only show up to 100 results because LDAP directories can be very big.
+ # This setting only affects the `rake gitlab:check` script.
+ limit = ENV['LDAP_CHECK_LIMIT']
+ limit = 100 if limit.blank?
+
+ check_ldap(limit)
+ else
+ $stdout.puts 'LDAP is disabled in config/gitlab.yml'
+ end
+ end
+
+ private
+
+ def check_ldap(limit)
+ servers = Gitlab::Auth::LDAP::Config.providers
+
+ servers.each do |server|
+ $stdout.puts "Server: #{server}"
+
+ begin
+ Gitlab::Auth::LDAP::Adapter.open(server) do |adapter|
+ check_ldap_auth(adapter)
+
+ $stdout.puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)"
+
+ users = adapter.users(adapter.config.uid, '*', limit)
+ users.each do |user|
+ $stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
+ end
+ end
+ rescue Net::LDAP::ConnectionRefusedError, Errno::ECONNREFUSED => e
+ $stdout.puts "Could not connect to the LDAP server: #{e.message}".color(:red)
+ end
+ end
+ end
+
+ def check_ldap_auth(adapter)
+ auth = adapter.config.has_auth?
+
+ message = if auth && adapter.ldap.bind
+ 'Success'.color(:green)
+ elsif auth
+ 'Failed. Check `bind_dn` and `password` configuration values'.color(:red)
+ else
+ 'Anonymous. No `bind_dn` or `password` configured'.color(:yellow)
+ end
+
+ $stdout.puts "LDAP authentication... #{message}"
+ end
+ end
+end |
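Review bot: `LDAP_CHECK_LIMIT` is read in `multi_check` as a raw string and passed to `adapter.users` without validation, so the limit is the Integer 100 on the default path and a String whenever the variable is set. How a non-numeric, zero or negative value is treated depends on `Adapter#users` and the LDAP library, neither of which is visible here. If such a value ends up meaning "no size limit", the check would enumerate and print the whole directory, which the comment above the assignment says it wants to avoid. Converting and bounding the value where it is read keeps the behaviour explicit, e.g. `limit = limit.blank? ? 100 : Integer(limit)` followed by `raise ArgumentError, 'LDAP_CHECK_LIMIT must be a positive integer' unless limit.positive?`. A short comment in `check_ldap` noting that the printed DNs and uids are directory data, and may end up in pasted check output, would also help operators.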