diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index f37381519b3887008ce01ec666c695886dd2c5bf..4cef181139b0adb24154432b5a4a2a1092175138 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -114,6 +114,8 @@ production: &base
 # ==========================
 ## LDAP settings
+ # You can inspect the first 100 LDAP users with login access by running:
+ # bundle exec rake gitlab:ldap:check[100] RAILS_ENV=production
 ldap:
 enabled: false
 host: '_your_ldap_server'
diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake
index f2349ca8c13c2d1c9aa27998c5750f1b2fb51cf6..20d5f03d6ef04716fc9e47a7eacf10e3f312498a 100644
--- a/lib/tasks/gitlab/check.rake
+++ b/lib/tasks/gitlab/check.rake
@@ -3,6 +3,7 @@ namespace :gitlab do
 task check: %w{gitlab:env:check
 gitlab:gitlab_shell:check
 gitlab:sidekiq:check
+ gitlab:ldap:check
 gitlab:app:check}
@@ -679,6 +680,44 @@ namespace :gitlab do
 end
 end
+ namespace :ldap do
+ task :check, [:limit] => :environment do |t, args|
+ args.with_defaults(limit: 100)
+ warn_user_is_not_gitlab
+ start_checking "LDAP"
+
+ if ldap_config.enabled
+ print_users(args.limit)
+ else
+ puts 'LDAP is disabled in config/gitlab.yml'
+ end
+
+ finished_checking "LDAP"
+ end
+
+ def print_users(limit)
+ puts "LDAP users with access to your GitLab server (limit: #{limit}):"
+ ldap.search(attributes: attributes, filter: filter, size: limit, return_result: false) do |entry|
+ puts "DN: #{entry.dn}\t#{ldap_config.uid}: #{entry[ldap_config.uid]}"
+ end
+ end
+
+ def attributes
+ [ldap_config.uid]
+ end
+
+ def filter
+ Net::LDAP::Filter.present?(ldap_config.uid)
+ end
+
+ def ldap
+ @ldap ||= OmniAuth::LDAP::Adaptor.new(ldap_config).connection
+ end
+
+ def ldap_config
+ @ldap_config ||= Gitlab.config.ldap
+ end
+ end
 # Helper methods
 ##########################
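Review bot: Adding `gitlab:ldap:check` to the prerequisites of `gitlab:check` means every run of the aggregate check queries the directory and, when LDAP is enabled, prints up to 100 DNs and uid values (see `print_users` in the later hunk of this file). The output of a general health check is likely to be copied into issues and support requests, so directory data would end up there by default. Consider keeping the listing behind the explicit `gitlab:ldap:check[N]` task and having the aggregate report only whether LDAP is enabled and reachable, or a count instead of the entries.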
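Review bot: `print_users` discards the return value of `ldap.search`, so a failed bind or a rejected search would presumably print the heading, no entries and then `finished_checking "LDAP"`, which an administrator cannot tell apart from an empty directory. After the search, read the outcome and report it, e.g. `result = ldap.get_operation_result` followed by `puts "LDAP search failed: #{result.message}" unless [0, 4].include?(result.code)` (4 is sizeLimitExceeded, expected when the limit truncates the listing). The filter is only `Net::LDAP::Filter.present?(ldap_config.uid)`, so the listing covers every entry under the search base that carries that attribute; the heading "LDAP users with access to your GitLab server" and the matching comment in gitlab.yml.example overstate this, and the output should not be used as an access review. The helpers are plain `def`s inside the namespace block, which presumably makes `attributes`, `filter`, `ldap` and `ldap_config` global methods; prefixed names such as `ldap_filter` would avoid collisions with other rake helpers.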