githubFork/gitblit.git - Solinfo Gitblit

			@@ -43,6 +43,7 @@
			import com.unboundid.ldap.sdk.SearchResult;
			import com.unboundid.ldap.sdk.SearchResultEntry;
			import com.unboundid.ldap.sdk.SearchScope;
			import com.unboundid.ldap.sdk.SimpleBindRequest;
			import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
			import com.unboundid.util.ssl.SSLUtil;
			import com.unboundid.util.ssl.TrustAllTrustManager;
			@@ -161,46 +162,42 @@

			private LDAPConnection getLdapConnection() {
			try {

			URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
			String ldapHost = ldapUrl.getHost();
			int ldapPort = ldapUrl.getPort();
			String bindUserName = settings.getString(Keys.realm.ldap.username, "");
			String bindPassword = settings.getString(Keys.realm.ldap.password, "");
			int ldapPort = ldapUrl.getPort();


			LDAPConnection conn;
			if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) { // SSL
			if (ldapPort == -1) // Default Port
			ldapPort = 636;

			LDAPConnection conn;
			SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
			if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {
			conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort);
			} else {
			conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
			}
			return conn;
			conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
			} else if (ldapUrl.getScheme().equalsIgnoreCase("ldap") \|\| ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) { // no encryption or StartTLS
			conn = new LDAPConnection();
			} else {
			if (ldapPort == -1) // Default Port
			ldapPort = 389;

			LDAPConnection conn;
			if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {
			conn = new LDAPConnection(ldapUrl.getHost(), ldapPort);
			} else {
			conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
			}

			if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
			SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());

			ExtendedResult extendedResult = conn.processExtendedOperation(
			new StartTLSExtendedRequest(sslUtil.createSSLContext()));

			if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
			throw new LDAPException(extendedResult.getResultCode());
			}
			}
			return conn;
			logger.error("Unsupported LDAP URL scheme: " + ldapUrl.getScheme());
			return null;
			}

			conn.connect(ldapHost, ldapPort);

			if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
			SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
			ExtendedResult extendedResult = conn.processExtendedOperation(
			new StartTLSExtendedRequest(sslUtil.createSSLContext()));
			if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
			throw new LDAPException(extendedResult.getResultCode());
			}
			}

			if ( ! StringUtils.isEmpty(bindUserName) \|\| ! StringUtils.isEmpty(bindPassword)) {
			conn.bind(new SimpleBindRequest(bindUserName, bindPassword));
			}

			return conn;

			} catch (URISyntaxException e) {
			logger.error("Bad LDAP URL, should be in the form: ldap(s\|+tls)://<server>:<port>", e);
			} catch (GeneralSecurityException e) {

	releases.moxie	2 ●●●●● patch \| view \| raw \| blame \| history
	src/main/java/com/gitblit/LdapUserService.java	61 ●●●●● patch \| view \| raw \| blame \| history

			@@ -11,6 +11,7 @@
			security: ~
			fixes:
			- Fixed support for implied SSH urls in web.otherUrls (issue-311)
			- Bind LDAP connection after establishing TLS initialization (issue-343)
			- Fix potential NPE on removing uncached repository from cache
			- Ignore the default contents of .git/description file
			- Fix error on generating activity page when there is no activity
			@@ -69,6 +70,7 @@
			- Chad Horohoe
			- Domingo Oropeza
			- Chris Graham
			- Guenter Dressel
			}

			#