Began development of importing SSH keys.
Adambean committed Jul 6, 2019
1 parent 1df0410 commit c24758b
Showing 2 changed files with 46 additions and 3 deletions.
2 changes: 2 additions & 0 deletions config.yml.dist
Expand Up @@ -21,6 +21,7 @@ ldap:
userUniqueAttribute: "uid"
userNameAttribute: "cn"
userEmailAttribute: "mail"
userSshKeyAttribute: "sshPublicKey"

groupDn: ~
groupFilter: "(objectClass=groupOfUniqueNames)"
Expand All @@ -37,6 +38,7 @@ gitlab:
createEmptyGroups: false
deleteExtraGroups: false
newMemberAccessLevel: 30
sshKeysImportMode: "merge"

groupNamesOfAdministrators: []
groupNamesOfExternal: []
47 changes: 44 additions & 3 deletions src/LdapSyncCommand.php
Expand Up @@ -369,6 +369,12 @@ private function validateConfig(array &$config, array &$problems = null): bool
$addProblem("error", "ldap->queries->userEmailAttribute not specified.");
}

if (!isset($config["ldap"]["queries"]["userSshKeyAttribute"])) {
$addProblem("warning", "ldap->queries->userSshKeyAttribute missing.");
} else if (!$config["ldap"]["queries"]["userSshKeyAttribute"] = trim($config["ldap"]["queries"]["userSshKeyAttribute"])) {
$addProblem("warning", "ldap->queries->userSshKeyAttribute not specified.");
}

if (!isset($config["ldap"]["queries"]["groupDn"])) {
$addProblem("error", "ldap->queries->groupDn missing.");
} else if (!$config["ldap"]["queries"]["groupDn"] = trim($config["ldap"]["queries"]["groupDn"])) {
Expand Down Expand Up @@ -490,6 +496,26 @@ private function validateConfig(array &$config, array &$problems = null): bool
$addProblem("error", "gitlab->options->newMemberAccessLevel is not an integer.");
}

if (!isset($config["gitlab"]["options"]["sshKeysImportMode"])) {
$addProblem("warning", "gitlab->options->sshKeysImportMode missing. (Assuming false.)");
$config["gitlab"]["options"]["sshKeysImportMode"] = false;
} else if (null === $config["gitlab"]["options"]["sshKeysImportMode"]) {
$addProblem("warning", "gitlab->options->sshKeysImportMode not specified. (Assuming false.)");
$config["gitlab"]["options"]["sshKeysImportMode"] = false;
} else if ($config["gitlab"]["options"]["sshKeysImportMode"]) {
$config["gitlab"]["options"]["sshKeysImportMode"] = strtolower(trim($config["gitlab"]["options"]["sshKeysImportMode"]));

switch ($config["gitlab"]["options"]["sshKeysImportMode"]) {
case "insert":
case "merge":
case "replace":
break;

default:
$addProblem("error", "gitlab->options->sshKeysImportMode invalid. (Must be \"insert\", \"merge\", or \"replace\".)");
}
}

if (!isset($config["gitlab"]["options"]["groupNamesOfAdministrators"])) {
// $addProblem("warning", "gitlab->options->groupNamesOfAdministrators missing. (Assuming none.)");
$config["gitlab"]["options"]["groupNamesOfAdministrators"] = [];
Expand Down Expand Up @@ -635,9 +661,10 @@ private function getLdapUsersAndGroups(array $config, array &$users, int &$users
if (is_array($ldapUsers = @ldap_get_entries($ldap, $ldapUsersQuery))) {
if ($ldapUsersNum = count($ldapUsers)) {
$this->logger->notice(sprintf("%d directory user(s) found.", $ldapUsersNum));
$ldapUserAttribute = strtolower($config["ldap"]["queries"]["userUniqueAttribute"]);
$ldapNameAttribute = strtolower($config["ldap"]["queries"]["userNameAttribute"]);
$ldapEmailAttribute = strtolower($config["ldap"]["queries"]["userEmailAttribute"]);
$ldapUserAttribute = strtolower($config["ldap"]["queries"]["userUniqueAttribute"]);
$ldapNameAttribute = strtolower($config["ldap"]["queries"]["userNameAttribute"]);
$ldapEmailAttribute = strtolower($config["ldap"]["queries"]["userEmailAttribute"]);
$ldapSshKeyAttribute = strtolower($config["ldap"]["queries"]["userSshKeyAttribute"]);

foreach ($ldapUsers as $i => $ldapUser) {
if (!is_int($i)) {
Expand Down Expand Up @@ -705,6 +732,19 @@ private function getLdapUsersAndGroups(array $config, array &$users, int &$users
continue;
}

$ldapUserSshKeys = null;
if ($ldapSshKeyAttribute) {
$ldapUserSshKeys = [];

if (!isset($ldapUser[$ldapSshKeyAttribute])) {
$this->logger->warning(sprintf("User #%d [%s]: Missing attribute \"%s\".", $n, $ldapUserDn, $ldapSshKeyAttribute));
} elseif (!is_array($ldapUser[$ldapSshKeyAttribute])) {
$this->logger->warning(sprintf("User #%d [%s]: Invalid attribute \"%s\".", $n, $ldapUserDn, $ldapSshKeyAttribute));
} elseif (count($ldapUserSshKeys = $ldapUser[$ldapSshKeyAttribute]) < 1) {
$this->logger->warning(sprintf("User #%d [%s]: Empty attribute \"%s\".", $n, $ldapUserDn, $ldapSshKeyAttribute));
}
}

if ($this->in_array_i($ldapUserName, $config["gitlab"]["options"]["userNamesToIgnore"])) {
$this->logger->info(sprintf("User \"%s\" in ignore list.", $ldapUserName));
continue;
Expand All @@ -721,6 +761,7 @@ private function getLdapUsersAndGroups(array $config, array &$users, int &$users
"username" => $ldapUserName,
"fullName" => $ldapUserFullName,
"email" => $ldapUserEmail,
"sshKeys" => $ldapUserSshKeys,
"isAdmin" => false,
"isExternal" => false,
];
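Review bot: The array copied into `$ldapUserSshKeys` at `count($ldapUserSshKeys = $ldapUser[$ldapSshKeyAttribute]) < 1` still carries the `"count"` element that `ldap_get_entries()` places in every attribute value array (the entry-level loop already skips that key with `if (!is_int($i))`), so the user record ends up holding an integer alongside the key strings, the `< 1` branch effectively never fires, and whatever later consumes `"sshKeys"` would try to import that count as a public key. Strip it when copying: `} elseif (count($ldapUserSshKeys = array_values(array_filter($ldapUser[$ldapSshKeyAttribute], "is_int", ARRAY_FILTER_USE_KEY))) < 1) {`. In the same function, `strtolower($config["ldap"]["queries"]["userSshKeyAttribute"])` reads a key that validateConfig only warns about when missing and never defaults (unlike `sshKeysImportMode`, which is set to `false`), so a config without it raises an undefined-index notice; either default it in validateConfig or read it as `$config["ldap"]["queries"]["userSshKeyAttribute"] ?? ""`. The key strings are stored exactly as the directory supplies them, so the code that later pushes them to GitLab should validate the public-key format before use. getLdapUsersAndGroups starts and ends outside these hunks.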
