githubFork/gitblit.git - Solinfo Gitblit

			@@ -30,6 +30,7 @@

			import com.gitblit.Constants;
			import com.gitblit.Constants.AccountType;
			import com.gitblit.Constants.Role;
			import com.gitblit.Keys;
			import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider;
			import com.gitblit.models.TeamModel;
			@@ -119,8 +120,12 @@
			final Map<String, UserModel> ldapUsers = new HashMap<String, UserModel>();

			for (SearchResultEntry loggingInUser : result.getSearchEntries()) {

			final String username = loggingInUser.getAttribute(uidAttribute).getValue();
			Attribute uid = loggingInUser.getAttribute(uidAttribute);
			if (uid == null) {
			logger.error("Can not synchronize with LDAP, missing \"{}\" attribute", uidAttribute);
			continue;
			}
			final String username = uid.getValue();
			logger.debug("LDAP synchronizing: " + username);

			UserModel user = userManager.getUserModel(username);
			@@ -268,7 +273,6 @@
			return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.email, ""));
			}


			/**
			* If the LDAP server will maintain team memberships then LdapUserService
			* will not allow team membership changes. In this scenario all team
			@@ -280,6 +284,32 @@
			@Override
			public boolean supportsTeamMembershipChanges() {
			return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
			}

			@Override
			public boolean supportsRoleChanges(UserModel user, Role role) {
			if (Role.ADMIN == role) {
			if (!supportsTeamMembershipChanges()) {
			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
			if (admins.contains(user.username)) {
			return false;
			}
			}
			}
			return true;
			}

			@Override
			public boolean supportsRoleChanges(TeamModel team, Role role) {
			if (Role.ADMIN == role) {
			if (!supportsTeamMembershipChanges()) {
			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
			if (admins.contains("@" + team.name)) {
			return false;
			}
			}
			}
			return true;
			}

			@Override
			@@ -294,6 +324,20 @@
			LDAPConnection ldapConnection = getLdapConnection();
			if (ldapConnection != null) {
			try {
			boolean alreadyAuthenticated = false;

			String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
			if (!StringUtils.isEmpty(bindPattern)) {
			try {
			String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
			ldapConnection.bind(bindUser, new String(password));

			alreadyAuthenticated = true;
			} catch (LDAPException e) {
			return null;
			}
			}

			// Find the logging in user's DN
			String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
			String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
			@@ -304,7 +348,7 @@
			SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
			String loggingInUserDN = loggingInUser.getDN();

			if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
			if (alreadyAuthenticated \|\| isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
			logger.debug("LDAP authenticated: " + username);

			UserModel user = null;
			@@ -409,6 +453,10 @@
			Attribute attribute = userEntry.getAttribute(email);
			if (attribute != null && attribute.hasValue()) {
			user.emailAddress = attribute.getValue();
			} else {
			// issue-456/ticket-134
			// allow LDAP to delete an email address
			user.emailAddress = null;
			}
			}
			}
			@@ -569,7 +617,8 @@
			if (ldapSyncService.isReady()) {
			long ldapSyncPeriod = getSynchronizationPeriodInMilliseconds();
			int delay = 1;
			logger.info("Ldap sync service will update users and groups every {} minutes.", ldapSyncPeriod);
			logger.info("Ldap sync service will update users and groups every {} minutes.",
			TimeUnit.MILLISECONDS.toMinutes(ldapSyncPeriod));
			scheduledExecutorService.scheduleAtFixedRate(ldapSyncService, delay, ldapSyncPeriod, TimeUnit.MILLISECONDS);
			} else {
			logger.info("Ldap sync service is disabled.");