From 0cb7a9c08cfaebeace058dc806099051f163f172 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 24 Apr 2012 17:19:40 -0400
Subject: [PATCH] Merge pull request #12 from jcrygier/ldap_unboundid

---
 distrib/gitblit.properties | 59 +++++++++++++++++++++++++++++++++++++++++++++++++----------
 1 files changed, 49 insertions(+), 10 deletions(-)

diff --git a/distrib/gitblit.properties b/distrib/gitblit.properties
index acceb88..527b726 100644
--- a/distrib/gitblit.properties
+++ b/distrib/gitblit.properties
@@ -139,14 +139,7 @@
 # URL of the LDAP server.
 #
 # SINCE 1.0.0
-realm.ldap.server = ldap://my.ldap.server
-
-# The LDAP domain to prepend to all usernames during authentication. If
-# unspecified, all logins must prepend the domain to their username.
-# e.g. mydomain
-#
-# SINCE 1.0.0
-realm.ldap.domain =
+realm.ldap.server = ldap://localhost
 
 # Login username for LDAP searches.
 # The domain prefix may be omitted if it matches the domain specified in
@@ -156,12 +149,12 @@
 # e.g. mydomain\\username
 #
 # SINCE 1.0.0
-realm.ldap.username =
+realm.ldap.username = cn=Directory Manager
 
 # Login password for LDAP searches.
 #
 # SINCE 1.0.0
-realm.ldap.password =
+realm.ldap.password = password
 
 # The LdapUserService must be backed by another user service for standard user
 # and team management.
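Review bot: In the first hunk the shipped default `realm.ldap.server = ldap://localhost` uses the plaintext `ldap://` scheme, and the comment above it does not say that the search bind password and each user's login password travel unencrypted once this is pointed at a remote host. I would add a line to that comment such as `# Use an encrypted transport for any server that is not on the local host.`, worded to match whichever schemes the LDAP user service accepts, which this diff does not show. The same hunk deletes `realm.ldap.domain`, yet the context comment for `realm.ldap.username` still reads "may be omitted if it matches the domain specified in" and continues outside the hunk, presumably naming the removed key. That comment and the `mydomain\\username` example at the top of the second hunk should be rewritten for DN-style bind names.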
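Review bot: In the second hunk the new defaults `realm.ldap.username = cn=Directory Manager` and `realm.ldap.password = password` put a directory superuser name and a guessable password into the distributed properties file. A deployment that edits only the server URL would then bind as the directory's root account, and an administrator filling in the real value would be storing that account's password in this file. Both keys should stay empty as before (`realm.ldap.username =` and `realm.ldap.password =`), with the example moved into the comment, e.g. `# e.g. cn=gitblit-search,ou=Services,dc=example (constructed example of a read-only search account)`. The comment should also state that the account needs only search rights under the account and group bases, and that the file should be readable only by the user Gitblit runs as.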
@@ -182,6 +175,52 @@
 # SINCE 1.0.0
 realm.ldap.maintainTeams = false
 
+# Root node that all Users sit under in LDAP
+#
+# This is the root node that searches for user information will begin from in LDAP
+# If blank, it will search ALL of ldap.
+#
+# SINCE 1.0.0
+realm.ldap.accountBase = OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
+
+# Filter Criteria for Users in LDAP
+#
+# Query pattern to use when searching for a user account. This may be any valid
+# LDAP query expression, including the standard (&) and (|) operators. Variables may
+# be injected via the ${variableName} syntax. Recognized variables are:
+# ${username} - The text entered as the user name
+#
+# SINCE 1.0.0
+realm.ldap.accountPattern = (&(objectClass=person)(sAMAccountName=${username}))
+
+# Root node that all Teams sit under in LDAP
+#
+# This is the node that searches for team information will begin from in LDAP
+# If blank, it will search ALL of ldap.
+#
+# SINCE 1.0.0
+realm.ldap.groupBase = OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain
+
+# Filter Criteria for Teams in LDAP
+#
+# Query pattern to use when searching for a team. This may be any valid
+# LDAP query expression, including the standard (&) and (|) operators. Variables may
+# be injected via the ${variableName} syntax. Recognized variables are:
+# ${username} - The text entered as the user name
+# ${dn} - The Distinguished Name of the user logged in
+# All attributes on the User's record are also passed in. For example, if a user has an
+# attribute "fullName" set to "John", "(fn=${fullName})" will be translated to "(fn=John)".
+#
+# SINCE 1.0.0
+realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn}))
+
+# Users and or teams that are Admins, read from LDAP
+#
+# This is a space delimited list. If it starts with @, it indicates a Team Name
+#
+# SINCE 1.0.0
+realm.ldap.admins= @Git_Admins
+
 #
 # Gitblit Web Settings
 #
-- 
Gitblit v1.9.1
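Review bot: The comments for `realm.ldap.accountPattern` and `realm.ldap.groupMemberPattern` say that `${username}`, `${dn}` and every attribute on the user's record are substituted into the search filter, but not whether the values are escaped first. The substitution code is not part of this diff, so that needs confirming. If values are inserted verbatim, filter metacharacters such as `*`, `(`, `)` and `\` in the login name or in a user-editable attribute change what the filter matches, which matters most for the group lookup because `realm.ldap.admins` turns a team match into admin rights. The values should be filter-escaped per RFC 4515 (the UnboundID SDK provides `Filter.encodeValue`), and the comment should say so, e.g. `# Substituted values are escaped before the filter is evaluated.` I would also ship `realm.ldap.admins =` empty rather than `@Git_Admins`, so that enabling LDAP does not grant admin to whoever controls a group of that name in the directory.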