Commit 3a900c1b authored by Mathieu Parent's avatar Mathieu Parent Committed by Alex Kalderimis

Allow LDAP failover

Fixes: https://gitlab.com/gitlab-org/gitlab/-/issues/139
Changelog: added
parent ef987699
...@@ -158,8 +158,9 @@ These configuration settings are available: ...@@ -158,8 +158,9 @@ These configuration settings are available:
| Setting | Description | Required | Examples | | Setting | Description | Required | Examples |
|--------------------|-------------|----------|----------| |--------------------|-------------|----------|----------|
| `label` | A human-friendly name for your LDAP server. It is displayed on your sign-in page. | **{check-circle}** Yes | `'Paris'` or `'Acme, Ltd.'` | | `label` | A human-friendly name for your LDAP server. It is displayed on your sign-in page. | **{check-circle}** Yes | `'Paris'` or `'Acme, Ltd.'` |
| `host` | IP address or domain name of your LDAP server. | **{check-circle}** Yes | `'ldap.mydomain.com'` | | `host` | IP address or domain name of your LDAP server. Ignored when `hosts` is defined. | **{check-circle}** Yes | `'ldap.mydomain.com'` |
| `port` | The port to connect with on your LDAP server. Always an integer, not a string. | **{check-circle}** Yes | `389` or `636` (for SSL) | | `port` | The port to connect with on your LDAP server. Always an integer, not a string. Ignored when `hosts` is defined. | **{check-circle}** Yes | `389` or `636` (for SSL) |
| `hosts` | An array of host and port pairs to open connections. This setting takes precedence over `host` and `port`. | **{dotted-circle}** No | `[['ldap1.mydomain.com', 636], ['ldap2.mydomain.com', 636]]` |
| `uid` | LDAP attribute for username. Should be the attribute, not the value that maps to the `uid`. | **{check-circle}** Yes | `'sAMAccountName'` or `'uid'` or `'userPrincipalName'` | | `uid` | LDAP attribute for username. Should be the attribute, not the value that maps to the `uid`. | **{check-circle}** Yes | `'sAMAccountName'` or `'uid'` or `'userPrincipalName'` |
| `bind_dn` | The full DN of the user you bind with. | **{dotted-circle}** No | `'america\momo'` or `'CN=Gitlab,OU=Users,DC=domain,DC=com'` | | `bind_dn` | The full DN of the user you bind with. | **{dotted-circle}** No | `'america\momo'` or `'CN=Gitlab,OU=Users,DC=domain,DC=com'` |
| `password` | The password of the bind user. | **{dotted-circle}** No | `'your_great_password'` | | `password` | The password of the bind user. | **{dotted-circle}** No | `'your_great_password'` |
......
...@@ -206,7 +206,8 @@ module Gitlab ...@@ -206,7 +206,8 @@ module Gitlab
def base_options def base_options
{ {
host: options['host'], host: options['host'],
port: options['port'] port: options['port'],
hosts: options['hosts']
} }
end end
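Review bot: `hosts: options['hosts']` in `base_options` passes the configured value to the adapter without checking its shape, and it emits `hosts: nil` when the setting is absent (the spec in this commit asserts exactly that). The server's single `encryption`, `verify_certificates`, `bind_dn` and `password` settings would presumably apply to whichever entry answers, so a mistyped or unintended host in the list is a credential-exposure risk and not only a connectivity problem. Consider rejecting anything that is not an array of `[String, Integer]` pairs when the configuration is loaded, and add a comment such as `# hosts: [[host, port], ...]; takes precedence over host/port, all entries share the same TLS and bind settings`.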
......
...@@ -121,10 +121,40 @@ AtlErSqafbECNDSwS5BX8yDpu5yRBJ4xegO/rNlmb8ICRYkuJapD1xXicFOsmfUK ...@@ -121,10 +121,40 @@ AtlErSqafbECNDSwS5BX8yDpu5yRBJ4xegO/rNlmb8ICRYkuJapD1xXicFOsmfUK
expect(config.adapter_options).to eq( expect(config.adapter_options).to eq(
host: 'ldap.example.com', host: 'ldap.example.com',
port: 386, port: 386,
hosts: nil,
encryption: nil encryption: nil
) )
end end
it 'includes failover hosts when set' do
stub_ldap_config(
options: {
'host' => 'ldap.example.com',
'port' => 686,
'hosts' => [
['ldap1.example.com', 636],
['ldap2.example.com', 636]
],
'encryption' => 'simple_tls',
'verify_certificates' => true,
'bind_dn' => 'uid=admin,dc=example,dc=com',
'password' => 'super_secret'
}
)
expect(config.adapter_options).to include({
hosts: [
['ldap1.example.com', 636],
['ldap2.example.com', 636]
],
auth: {
method: :simple,
username: 'uid=admin,dc=example,dc=com',
password: 'super_secret'
}
})
end
it 'includes authentication options when auth is configured' do it 'includes authentication options when auth is configured' do
stub_ldap_config( stub_ldap_config(
options: { options: {
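Review bot: The new example 'includes failover hosts when set' configures `'encryption' => 'simple_tls'` and `'verify_certificates' => true`, but its `include` matcher checks only `hosts:` and `auth:`, so a regression that dropped TLS or certificate verification when `hosts` is present would still pass. Add an expectation on the `encryption:` key to the same matcher, for example `encryption: a_hash_including(method: :simple_tls)`; the exact value shape is not visible in this hunk, so adjust it to what `adapter_options` returns. The example also sets `'host'` and `'port' => 686` without asserting anything about them, so the documented precedence of `hosts` is not pinned here either. The following `it` block continues past the end of the hunk.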
......