
Commit c24758b

committed
Began development of importing SSH keys.
#11
1 parent 1df0410 commit c24758b


2 files changed

+46
-3
lines changed


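--- a/config.yml.dist
+++ b/config.yml.dist
@@ -21,6 +21,7 @@ ldap:
 userUniqueAttribute: "uid"
 userNameAttribute: "cn"
 userEmailAttribute: "mail"
+userSshKeyAttribute: "sshPublicKey"
 
 groupDn: ~
 groupFilter: "(objectClass=groupOfUniqueNames)"
@@ -37,6 +38,7 @@ gitlab:
 createEmptyGroups: false
 deleteExtraGroups: false
 newMemberAccessLevel: 30
+sshKeysImportMode: "merge"
 
 groupNamesOfAdministrators: []
 groupNamesOfExternal: []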
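Review bot: The template ships with both `userSshKeyAttribute: "sshPublicKey"` and `sshKeysImportMode: "merge"` filled in, so a deployment that copies the dist file unchanged would sync login keys from the directory once the import lands, while `validateConfig` in this same commit treats a missing mode as `false`. I would make the feature opt-in by shipping `sshKeysImportMode: ~`. I would also add a comment above it such as `# SSH key import mode: "insert", "merge" or "replace"; leave as ~ to keep key import off`, since the accepted values are otherwise only discoverable from the validator's error message.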

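--- a/src/LdapSyncCommand.php
+++ b/src/LdapSyncCommand.php
@@ -369,6 +369,12 @@ private function validateConfig(array &$config, array &$problems = null): bool
 $addProblem("error", "ldap->queries->userEmailAttribute not specified.");
 }
 
+if (!isset($config["ldap"]["queries"]["userSshKeyAttribute"])) {
+$addProblem("warning", "ldap->queries->userSshKeyAttribute missing.");
+} else if (!$config["ldap"]["queries"]["userSshKeyAttribute"] = trim($config["ldap"]["queries"]["userSshKeyAttribute"])) {
+$addProblem("warning", "ldap->queries->userSshKeyAttribute not specified.");
+}
+
 if (!isset($config["ldap"]["queries"]["groupDn"])) {
 $addProblem("error", "ldap->queries->groupDn missing.");
 } else if (!$config["ldap"]["queries"]["groupDn"] = trim($config["ldap"]["queries"]["groupDn"])) {
@@ -490,6 +496,26 @@ private function validateConfig(array &$config, array &$problems = null): bool
 $addProblem("error", "gitlab->options->newMemberAccessLevel is not an integer.");
 }
 
+if (!isset($config["gitlab"]["options"]["sshKeysImportMode"])) {
+$addProblem("warning", "gitlab->options->sshKeysImportMode missing. (Assuming false.)");
+$config["gitlab"]["options"]["sshKeysImportMode"] = false;
+} else if (null === $config["gitlab"]["options"]["sshKeysImportMode"]) {
+$addProblem("warning", "gitlab->options->sshKeysImportMode not specified. (Assuming false.)");
+$config["gitlab"]["options"]["sshKeysImportMode"] = false;
+} else if ($config["gitlab"]["options"]["sshKeysImportMode"]) {
+$config["gitlab"]["options"]["sshKeysImportMode"] = strtolower(trim($config["gitlab"]["options"]["sshKeysImportMode"]));
+
+switch ($config["gitlab"]["options"]["sshKeysImportMode"]) {
+case "insert":
+case "merge":
+case "replace":
+break;
+
+default:
+$addProblem("error", "gitlab->options->sshKeysImportMode invalid. (Must be \"insert\", \"merge\", or \"replace\".)");
+}
+}
+
 if (!isset($config["gitlab"]["options"]["groupNamesOfAdministrators"])) {
 // $addProblem("warning", "gitlab->options->groupNamesOfAdministrators missing. (Assuming none.)");
 $config["gitlab"]["options"]["groupNamesOfAdministrators"] = [];
@@ -635,9 +661,10 @@ private function getLdapUsersAndGroups(array $config, array &$users, int &$users
 if (is_array($ldapUsers = @ldap_get_entries($ldap, $ldapUsersQuery))) {
 if ($ldapUsersNum = count($ldapUsers)) {
 $this->logger->notice(sprintf("%d directory user(s) found.", $ldapUsersNum));
-$ldapUserAttribute = strtolower($config["ldap"]["queries"]["userUniqueAttribute"]);
-$ldapNameAttribute = strtolower($config["ldap"]["queries"]["userNameAttribute"]);
-$ldapEmailAttribute = strtolower($config["ldap"]["queries"]["userEmailAttribute"]);
+$ldapUserAttribute = strtolower($config["ldap"]["queries"]["userUniqueAttribute"]);
+$ldapNameAttribute = strtolower($config["ldap"]["queries"]["userNameAttribute"]);
+$ldapEmailAttribute = strtolower($config["ldap"]["queries"]["userEmailAttribute"]);
+$ldapSshKeyAttribute = strtolower($config["ldap"]["queries"]["userSshKeyAttribute"]);
 
 foreach ($ldapUsers as $i => $ldapUser) {
 if (!is_int($i)) {
@@ -705,6 +732,19 @@ private function getLdapUsersAndGroups(array $config, array &$users, int &$users
 continue;
 }
 
+$ldapUserSshKeys = null;
+if ($ldapSshKeyAttribute) {
+$ldapUserSshKeys = [];
+
+if (!isset($ldapUser[$ldapSshKeyAttribute])) {
+$this->logger->warning(sprintf("User #%d [%s]: Missing attribute \"%s\".", $n, $ldapUserDn, $ldapSshKeyAttribute));
+} elseif (!is_array($ldapUser[$ldapSshKeyAttribute])) {
+$this->logger->warning(sprintf("User #%d [%s]: Invalid attribute \"%s\".", $n, $ldapUserDn, $ldapSshKeyAttribute));
+} elseif (count($ldapUserSshKeys = $ldapUser[$ldapSshKeyAttribute]) < 1) {
+$this->logger->warning(sprintf("User #%d [%s]: Empty attribute \"%s\".", $n, $ldapUserDn, $ldapSshKeyAttribute));
+}
+}
+
 if ($this->in_array_i($ldapUserName, $config["gitlab"]["options"]["userNamesToIgnore"])) {
 $this->logger->info(sprintf("User \"%s\" in ignore list.", $ldapUserName));
 continue;
@@ -721,6 +761,7 @@ private function getLdapUsersAndGroups(array $config, array &$users, int &$users
 "username" => $ldapUserName,
 "fullName" => $ldapUserFullName,
 "email" => $ldapUserEmail,
+"sshKeys" => $ldapUserSshKeys,
 "isAdmin" => false,
 "isExternal" => false,
 ];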
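Review bot: In `getLdapUsersAndGroups` (new lines 735–747), `$ldapUserSshKeys = $ldapUser[$ldapSshKeyAttribute]` copies the attribute array exactly as `ldap_get_entries()` returns it, so its `"count"` element is stored alongside the keys and the `count(...) < 1` branch looks unreachable; the enclosing loop already skips non-integer indexes for the same reason. These values are presumably going to become login credentials in GitLab, so I would keep only integer-indexed, non-empty string values here, and check that each has the shape of a public key before the import step uses it. Separately, `validateConfig` only warns when `userSshKeyAttribute` is missing and sets no default, so the new `strtolower($config["ldap"]["queries"]["userSshKeyAttribute"])` at line 667 can read an undefined index; assigning `null` in the missing branch and reading with `?? ""` would cover it. Both functions start and end outside the hunks shown.

```php
$ldapUserSshKeys = null;
if ($ldapSshKeyAttribute) {
    $ldapUserSshKeys = [];

    // … unchanged: "Missing attribute" and "Invalid attribute" warnings …
    } else {
        foreach ($ldapUser[$ldapSshKeyAttribute] as $k => $ldapUserSshKey) {
            // ldap_get_entries() adds a "count" element next to the values.
            if (!is_int($k)) {
                continue;
            }
            if (!is_string($ldapUserSshKey) || "" === ($ldapUserSshKey = trim($ldapUserSshKey))) {
                continue;
            }
            $ldapUserSshKeys[] = $ldapUserSshKey;
        }

        if (count($ldapUserSshKeys) < 1) {
            $this->logger->warning(sprintf("User #%d [%s]: Empty attribute \"%s\".", $n, $ldapUserDn, $ldapSshKeyAttribute));
        }
    }
}
```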
