Created
January 28, 2015 10:59
Fix LDAP login with Gitlab and existing users
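#!/usr/bin/env ruby
# One-off repair script: for every LDAP entry whose mail address matches an
# existing GitLab user that has no row in `identities` yet, insert an LDAP
# identity so that the user can log in through LDAP.
#
# The script writes directly to the GitLab database. Take a database backup
# first and run it from a host and account that are allowed to hold the
# credentials below; prefer loading them from the environment or a
# permission-restricted file over leaving them in the script.

require "mysql"
require 'net/ldap'

# DN suffix appended to "uid=<uid>," to build the extern_uid stored by GitLab.
# It must match the directory layout and the GitLab LDAP configuration.
LDAP_DN_SUFFIX = "ou=People,dc=ftven,dc=net"
# Provider name written to identities.provider.
LDAP_PROVIDER = "ldapmain"

# NOTE(review): a :simple bind sends the bind password to the server as-is.
# Unless the link is already protected, add `:encryption => :simple_tls`
# (LDAPS) or `:encryption => :start_tls` to the options below.
ldap = Net::LDAP.new :host => "<LDAP_HOST>",
                     :port => "<LDAP_HOST_PORT>", # your LDAP host port goes here
                     :base => "<LDAP_BASE>", # the base of your AD tree goes here
                     :auth => {
                       :method => :simple,
                       :username => "<LDAP_USER>", # a read-only account is sufficient
                       :password => "<LDAP_PASSWORD>" # the user's password goes here
                     }

if ldap.bind
  puts "Connection successful! Code: #{ldap.get_operation_result.code}, message: #{ldap.get_operation_result.message}"

  con = Mysql.new '<MYSQL_HOST>', '<MYSQL_USER>', '<MYSQL_PASSWORD>', '<MYSQL_DB>'
  begin
    # Summary counters, printed for information only.
    users_in_ldap_rows = con.query("SELECT users.id, username FROM users, identities WHERE users.id = identities.user_id").num_rows
    users_rows = con.query("SELECT id, username, email FROM users ORDER BY id ASC").num_rows
    identities_rows = con.query("SELECT * FROM identities").num_rows

    puts "There are :"
    puts "-> #{users_rows} users in Gitlab."
    puts "-> #{users_in_ldap_rows} users in Gitlab and LDAP."
    puts "-> #{identities_rows} identities."

    result_attrs = ["uid", "mail"]

    # Walk every entry under the search base; :return_result => false streams
    # the entries to the block instead of collecting them.
    ldap.search(:attributes => result_attrs, :return_result => false) do |item|
      mail = item['mail'].first
      uid = item['uid'].first

      # Entries without a mail address cannot be matched to a GitLab user.
      next if mail.nil? || mail == ""

      # Directory attributes are external data: escape them before they are
      # placed inside a SQL string literal, never concatenate them raw.
      sql_mail = con.escape_string(mail)

      # Skip users that already have an identity row.
      linked = con.query("SELECT users.id, username, email FROM users, identities WHERE users.id = identities.user_id AND email = '#{sql_mail}'")
      next if linked.num_rows > 0

      user_find = con.query("SELECT id, username, email FROM users WHERE email = '#{sql_mail}'")
      user_data = user_find.fetch_row

      if user_find.num_rows > 0
        if uid.nil? || uid == ""
          # Without a uid no usable extern_uid can be built; do not insert a
          # malformed identity.
          puts "[WARN] L'entrée LDAP '#{mail}' n'a pas d'attribut uid"
          next
        end

        begin
          user_id = Integer(user_data[0]) # the id column must be numeric before it is interpolated
          extern_uid = con.escape_string("uid=#{uid},#{LDAP_DN_SUFFIX}")
          con.query("INSERT INTO identities (user_id, extern_uid, provider) VALUES (#{user_id}, '#{extern_uid}', '#{LDAP_PROVIDER}')")
        rescue Mysql::Error, ArgumentError => e
          # Report the failure and carry on with the next entry; only database
          # and conversion errors are handled here, anything else propagates.
          puts "[ALERTE] L'adresse mail #{mail} n'a pas pu être ajouté suite à une erreur MySQL"
          warn "         #{e.class}: #{e.message}"
        end
      else
        puts "[WARN] L'adresse '#{mail}' n'existe pas dans Gitlab"
      end
    end
  ensure
    # Release the database connection even when a query or the search raises.
    con.close if con
  end
else
  puts "Connection failed! Code: #{ldap.get_operation_result.code}, message: #{ldap.get_operation_result.message}"
end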
I'm having the same problem with my gitlab, I would like to use this script to see if it fixes the problem but I don't know where to place or run this script. If it's not a big deal could you please comment back on how to make this work? Thanks again!