lib/gitlab/qa/component/ldap.rb in gitlab-qa-2.7.1 vs lib/gitlab/qa/component/ldap.rb in gitlab-qa-2.7.2
- old
+ new
@@ -24,10 +24,11 @@
ADMIN_USER = 'admin'.freeze
ADMIN_PASSWORD = 'admin'.freeze
LDAP_USER = 'tanuki'.freeze
LDAP_PASSWORD = 'password'.freeze
LDAP_PORT = 389
+ LDAP_TLS_PORT = 636
BASE_DN = 'dc=example,dc=org'.freeze
BIND_DN = 'cn=admin,dc=example,dc=org'.freeze
BOOTSTRAP_LDIF = '/container/service/slapd/assets/config/bootstrap/ldif/custom'.freeze
GROUP_BASE = 'ou=groups,dc=example,dc=org'.freeze
ADMIN_GROUP = 'admin'.freeze
@@ -44,14 +45,26 @@
@network_aliases = []
@volumes[FIXTURE_PATH] = BOOTSTRAP_LDIF
end
- def enable_tls(status)
- @environment['LDAP_TLS'] = 'false' unless status
+ # LDAP_TLS is true by default
+ def tls=(status)
+ if status
+ @environment['LDAP_TLS_CRT_FILENAME'] = "#{hostname}.crt"
+ @environment['LDAP_TLS_KEY_FILENAME'] = "#{hostname}.key"
+ @environment['LDAP_TLS_ENFORCE'] = 'true'
+ @environment['LDAP_TLS_VERIFY_CLIENT'] = 'never'
+ else
+ @environment['LDAP_TLS'] = 'false'
+ end
end
+ def tls?
+ @environment['LDAP_TLS'] != 'false'
+ end
+
def username
LDAP_USER
end
def password
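Review bot: `tls=` never clears an earlier 'false': after `tls = false`, a later `tls = true` sets the certificate variables but leaves `@environment['LDAP_TLS']` at 'false', so `tls?` still returns false and the generated config would stay on the plain port and method. The true branch should reset the flag, for example `@environment.delete('LDAP_TLS')` as its first statement. The certificate and key filenames are interpolated from `hostname` when the setter runs, so it presumably has to be called after the name is assigned; a comment such as `# call after the container name is set; filenames derive from hostname` would make that visible. The enclosing class starts and ends outside this hunk.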
@@ -130,15 +143,16 @@
def to_config
config = YAML.safe_load <<~CFG
main:
label: LDAP
host: #{hostname}
- port: #{LDAP_PORT}
+ port: #{tls? ? LDAP_TLS_PORT : LDAP_PORT}
uid: 'uid'
bind_dn: #{BIND_DN}
password: #{ADMIN_PASSWORD}
- method: 'plain'
+ method: #{tls? ? 'simple_tls' : 'plain'}
+ verify_certificates: false
base: #{BASE_DN}
user_filter: ''
group_base: #{GROUP_BASE}
admin_group: #{ADMIN_GROUP}
external_groups: ''
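Review bot: `verify_certificates: false` is emitted unconditionally, so when `tls?` is true the `simple_tls` bind that carries `ADMIN_PASSWORD` is encrypted but the server certificate is never checked. That is a reasonable shortcut for a disposable fixture whose certificate is presumably self-signed, but nothing on the line says so and the block is easy to copy into a real configuration. I would add `# QA fixture only: certificate is not verified; do not reuse outside tests` above the heredoc, or preferably point `ca_file` at the fixture CA and leave verification on. The heredoc and the rest of `to_config` continue past the end of this hunk.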
@@ -150,9 +164,13 @@
end
def set_gitlab_credentials
::Gitlab::QA::Runtime::Env.ldap_username = username
::Gitlab::QA::Runtime::Env.ldap_password = password
+ end
+
+ def set_accept_insecure_certs
+ ::Gitlab::QA::Runtime::Env.accept_insecure_certs = 'true'
end
end
end
end
end
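Review bot: `set_accept_insecure_certs` sets a process-wide `Runtime::Env` value without checking `tls?`, and nothing visible restores it, so every later scenario in the same run presumably also accepts invalid certificates. No caller is shown in this hunk; if it is invoked unconditionally, guard the assignment: `::Gitlab::QA::Runtime::Env.accept_insecure_certs = 'true' if tls?`. The method also needs a one-line comment stating what the flag relaxes and that it exists only for the LDAP TLS fixture.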