diff options
author | Robert Speicher <robert@gitlab.com> | 2016-04-07 00:50:40 +0300 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2016-04-07 00:50:40 +0300 |
commit | 5bdc18c5b39590717f67cf7154e242d26e5787b9 (patch) | |
tree | 9fe076270dbd6ab3b4a9455fc0172c0dac7ae1fa /lib | |
parent | b6d5fcd4775718676f1a11ddb6a88a08c67c9d0a (diff) | |
parent | 5ee6badade3c453c7090e9c1f1f4d636c5bb068e (diff) |
Merge branch 'patch/fix-ldap-unblock-user-logic' into 'master'
Unblocks user when active_directory is disabled and it can be found
We implemented a specific block state to handle user blocking that originates from LDAP filtering rules / directory state in !2242.
That introduced a regression in LDAP authentication when Active Directory support was disabled. You could have a scenario where the user would not be temporarily found (like a filtering rule), that would mark the user as `ldap_blocked`, but will never unblock it automatically when that state changed.
Fixes #14253, #13179, #13259, #13959
See merge request !3550
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/ldap/access.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb index da4435c7308..f2b649e50a2 100644 --- a/lib/gitlab/ldap/access.rb +++ b/lib/gitlab/ldap/access.rb @@ -33,7 +33,10 @@ module Gitlab def allowed? if ldap_user - return true unless ldap_config.active_directory + unless ldap_config.active_directory + user.activate if user.ldap_blocked? + return true + end # Block user in GitLab if he/she was blocked in AD if Gitlab::LDAP::Person.disabled_via_active_directory?(user.ldap_identity.extern_uid, adapter) |