From 228baa80b2063bc2692474e3bbc6eeef887f063e Mon Sep 17 00:00:00 2001
From: Friedrich Beckmann <friedrich.beckmann@hs-augsburg.de>
Date: Sat, 27 Apr 2013 22:20:26 +0200
Subject: [PATCH] LDAP Authentification with grack for https push - fixed
 password check

---
 lib/gitlab/backend/grack_auth.rb | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index abbee6132d..9de68283dc 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -1,4 +1,5 @@
 require_relative 'shell_env'
+require 'omniauth-ldap'
 
 module Grack
   class Auth < Rack::Auth::Basic
@@ -32,8 +33,14 @@ module Grack
         # Authentication with username and password
         login, password = @auth.credentials
         self.user = User.find_by_email(login) || User.find_by_username(login)
-        return false unless user.try(:valid_password?, password)
 
+        if user.nil?
+          ldap_auth(login,password)
+          return false unless !user.nil?
+        else
+          return false unless user.valid_password?(password);
+        end
+           
         Gitlab::ShellEnv.set_env(user)
       end
 
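Review bot: The LDAP fallback is keyed on `user.nil?`, so a login that matches a local row by email or username never reaches `ldap_auth` and is checked only against the locally stored password. If LDAP-provisioned accounts also match on username (not visible in this hunk), those users would be rejected over HTTPS even with a correct directory password. Trying the local password first and falling back to the bind covers both cases in one line: `return false unless user.try(:valid_password?, password) || ldap_auth(login, password)`. This relies on `ldap_auth` returning the matched user or nil, which it appears to do. If the branch is kept as written, `return false unless !user.nil?` reads better as `return false unless user`, and the trailing `;` and the whitespace-only line should go. The enclosing method starts above the hunk.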
@@ -47,6 +54,23 @@ module Grack
       end
     end
 
+    def ldap_auth(login, password)
+      # Check user against LDAP backend if user is not authenticated
+      # Only check with valid login and password to prevent anonymous bind results
+      gl = Gitlab.config
+      if gl.ldap.enabled && !login.blank? && !password.blank?
+        ldap = OmniAuth::LDAP::Adaptor.new(gl.ldap)
+        ldap_user = ldap.bind_as(
+          filter: Net::LDAP::Filter.eq(ldap.uid, login),
+          size: 1,
+          password: password
+        )
+        if ldap_user
+          self.user = User.find_by_extern_uid_and_provider(ldap_user.dn, 'ldap')
+        end
+      end
+    end
+
     def validate_get_request
       project.public || can?(user, :download_code, project)
     end
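Review bot: `login` comes straight from the HTTP Basic credentials and is handed to `Net::LDAP::Filter.eq`, which treats `*` in the value as a wildcard, so the filter in `ldap_auth` can select a directory entry other than the one the client named before the bind is attempted. Compare the value literally with `filter: Net::LDAP::Filter.equals(ldap.uid, login)`, or wrap it in `Net::LDAP::Filter.escape`. The method also communicates only by assigning `self.user`, so a short comment such as `# Sets self.user to the account whose extern_uid matches the bound DN; leaves it untouched otherwise` would make that contract explicit. Nothing here records a failed bind; if that is not logged elsewhere, a log line with the login on failure would help spot password guessing against the directory.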
-- 
2.30.9