diff --git a/CHANGELOG b/CHANGELOG
index 55a1a22e6b7d1bc931448b91440e1bf040b3e84d..f93668289cede5e8057d498074046df4a17dcc13 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -18,6 +18,7 @@ v 6.7.0
 - Add webhook when a new tag is pushed (Jeroen van Baarsen)
 - Add button for toggling inline comments in diff view
 - Add retry feature for repository import
+ - Reuse the GitLab LDAP connection within each request
 v 6.6.2
 - Fix 500 error on branch/tag create or remove via UI
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9a0c9f60b0577e8bcdb4897f044e93602e2f941d..5f8b2da06f8127d2720c87d1e23e85fba3d528fe 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -182,13 +182,15 @@ class ApplicationController < ActionController::Base
 def ldap_security_check
 if current_user && current_user.requires_ldap_check?
- if gitlab_ldap_access.allowed?(current_user)
- current_user.last_credential_check_at = Time.now
- current_user.save
- else
- sign_out current_user
- flash[:alert] = "Access denied for your LDAP account."
- redirect_to new_user_session_path
+ gitlab_ldap_access do |access|
+ if access.allowed?(current_user)
+ current_user.last_credential_check_at = Time.now
+ current_user.save
+ else
+ sign_out current_user
+ flash[:alert] = "Access denied for your LDAP account."
+ redirect_to new_user_session_path
+ end
 end
 end
 end
@@ -198,8 +200,8 @@ class ApplicationController < ActionController::Base
 @event_filter ||= EventFilter.new(filters)
 end
- def gitlab_ldap_access
- Gitlab::LDAP::Access.new
+ def gitlab_ldap_access(&block)
+ Gitlab::LDAP::Access.open { |access| block.call(access) }
 end
 # JSON for infinite scroll via Pager object
diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb
index 2a636244473aa0be1ef8b9f5754ebb484ed168ba..8f492e5c012791031f2f0f03f180ba20561f5487 100644
--- a/lib/gitlab/ldap/access.rb
+++ b/lib/gitlab/ldap/access.rb
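Review bot: In `ldap_security_check` (app/controllers/application_controller.rb) the LDAP connection is now opened by `gitlab_ldap_access` before `access.allowed?` runs, so an error raised while connecting is no longer covered by the `rescue` inside `Access#allowed?`. Assuming `Net::LDAP.open` raises when the directory is unreachable, the filter would abort the request with an unhandled exception instead of taking the sign-out branch, and nothing records why. I would rescue the connection failure around the `gitlab_ldap_access do |access|` call, log it, and decide explicitly whether an unreachable directory denies access or defers the check. Separately, the result of `current_user.save` is ignored, so a failed save leaves `last_credential_check_at` unpersisted without any signal.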
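Review bot: `gitlab_ldap_access` in app/controllers/application_controller.rb calls `block.call(access)` unconditionally, so a call without a block fails with a NoMethodError on nil only after the whole chain has opened a connection; `Gitlab::LDAP::Access.open` and `Gitlab::LDAP::Adapter.open` have the same pattern. The wrapper block only forwards its argument, so the body can be `Gitlab::LDAP::Access.open(&block)`, and the two `open` methods can use `yield new(adapter)` and `yield new(ldap)`, which fail with a LocalJumpError that names the missing block. A one-line comment such as `# Yields a Gitlab::LDAP::Access that shares one LDAP connection for the duration of the block.` would make the new calling convention clear to other controllers.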
@@ -1,8 +1,20 @@
 module Gitlab
 module LDAP
 class Access
+ attr_reader :adapter
+
+ def self.open(&block)
+ Gitlab::LDAP::Adapter.open do |adapter|
+ block.call(self.new(adapter))
+ end
+ end
+
+ def initialize(adapter=nil)
+ @adapter = adapter
+ end
+
 def allowed?(user)
- !!Gitlab::LDAP::Person.find_by_dn(user.extern_uid)
+ !!Gitlab::LDAP::Person.find_by_dn(user.extern_uid, adapter)
 rescue
 false
 end
diff --git a/lib/gitlab/ldap/adapter.rb b/lib/gitlab/ldap/adapter.rb
index a7b5bcb207cb437f620af2749fdd709f0103ad59..983a2956a35dfef0c115f55e951fe76fc81f1389 100644
--- a/lib/gitlab/ldap/adapter.rb
+++ b/lib/gitlab/ldap/adapter.rb
@@ -3,7 +3,17 @@ module Gitlab
 class Adapter
 attr_reader :ldap
- def initialize
+ def self.open(&block)
+ Net::LDAP.open(adapter_options) do |ldap|
+ block.call(self.new(ldap))
+ end
+ end
+
+ def self.config
+ Gitlab.config.ldap
+ end
+
+ def self.adapter_options
 encryption = config['method'].to_s == 'ssl' ? :simple_tls : nil
 options = {
@@ -23,8 +33,12 @@ module Gitlab
 if config['password'] || config['bind_dn']
 options.merge!(auth_options)
 end
+ options
+ end
+
- @ldap = Net::LDAP.new(options)
+ def initialize(ldap=nil)
+ @ldap = ldap || Net::LDAP.new(self.class.adapter_options)
 end
 def users(field, value)
@@ -65,7 +79,7 @@ module Gitlab
 private
 def config
- @config ||= Gitlab.config.ldap
+ @config ||= self.class.config
 end
 end
 end
diff --git a/lib/gitlab/ldap/person.rb b/lib/gitlab/ldap/person.rb
index 5ee383dfa033ec959a6817da79248873f08fef10..06b17c58f8c417898353253555d8014b57a6e9b5 100644
--- a/lib/gitlab/ldap/person.rb
+++ b/lib/gitlab/ldap/person.rb
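Review bot: `Access#allowed?` in lib/gitlab/ldap/access.rb still ends in a bare `rescue` that returns `false`, so any StandardError from the lookup on the shared `adapter` is reported as a denied account and nothing is logged. The caller then signs the user out with "Access denied", which makes a directory fault indistinguishable from a real revocation during incident review. I would keep the fail-closed result but record the cause, changing the clause to `rescue => e` and adding a line such as `Rails.logger.warn("LDAP access check failed: #{e.class}: #{e.message}")` before `false`, using whichever logger the project prefers. A short comment on `initialize(adapter=nil)` should also say that a nil adapter makes `Person.find_by_dn` open its own connection.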
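Review bot: `Adapter.open` in lib/gitlab/ldap/adapter.rb does not document the lifetime of the object it yields: the `Net::LDAP` handle comes from `Net::LDAP.open`, which closes the connection when the block returns, so an adapter kept beyond the block no longer holds the shared connection. I would add `# Yields an Adapter bound to one open LDAP connection; the connection is closed when the block returns.` above `def self.open`. The new public `self.adapter_options` returns the hash that `options.merge!(auth_options)` may extend with bind credentials, so a comment warning against logging or inspecting its return value would help; its body continues outside this hunk. The unchanged `encryption` line yields `nil` for every `method` value other than 'ssl', which, if the option is used as it appears, leaves the bind unencrypted for those configurations and deserves an explicit comment.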
@@ -1,12 +1,14 @@
 module Gitlab
 module LDAP
 class Person
- def self.find_by_uid(uid)
- Gitlab::LDAP::Adapter.new.user(config.uid, uid)
+ def self.find_by_uid(uid, adapter=nil)
+ adapter ||= Gitlab::LDAP::Adapter.new
+ adapter.user(config.uid, uid)
 end
- def self.find_by_dn(dn)
- Gitlab::LDAP::Adapter.new.user('dn', dn)
+ def self.find_by_dn(dn, adapter=nil)
+ adapter ||= Gitlab::LDAP::Adapter.new
+ adapter.user('dn', dn)
 end
 def initialize(entry)