From b94965e87929c6b4e42f9a2078dc0d910cc2637d Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 09 May 2012 07:59:00 -0400
Subject: [PATCH] Merge pull request #17 from peterloron/master

---
 src/com/gitblit/LdapUserService.java |   89 +++++++++++++++++++++++++++++---------------
 1 files changed, 58 insertions(+), 31 deletions(-)

diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java
index 674e2a0..78b5f99 100644
--- a/src/com/gitblit/LdapUserService.java
+++ b/src/com/gitblit/LdapUserService.java
@@ -56,7 +56,7 @@
 	@Override
 	public void setup(IStoredSettings settings) {
 		this.settings = settings;
-		String file = settings.getString(Keys.realm.ldap_backingUserService, "users.conf");
+		String file = settings.getString(Keys.realm.ldap.backingUserService, "users.conf");
 		File realmFile = GitBlit.getFileOrFolder(file);
 
 		serviceImpl = createUserService(realmFile);
@@ -65,9 +65,9 @@
 	
 	private LDAPConnection getLdapConnection() {
 		try {
-			URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap_server));
-			String bindUserName = settings.getString(Keys.realm.ldap_username, "");
-			String bindPassword = settings.getString(Keys.realm.ldap_password, "");
+			URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
+			String bindUserName = settings.getString(Keys.realm.ldap.username, "");
+			String bindPassword = settings.getString(Keys.realm.ldap.password, "");
 			int ldapPort = ldapUrl.getPort();
 			
 			if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) {	// SSL
@@ -106,6 +106,29 @@
 	}
 	
 	/**
+	 * If no displayName pattern is defined then Gitblit can manage the display name.
+	 *
+	 * @return true if Gitblit can manage the user display name
+	 * @since 1.0.0
+	 */
+	@Override
+	public boolean supportsDisplayNameChanges() {
+		return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.displayName, ""));
+	}
+	
+	/**
+	 * If no email pattern is defined then Gitblit can manage the email address.
+	 *
+	 * @return true if Gitblit can manage the user email address
+	 * @since 1.0.0
+	 */
+	@Override
+	public boolean supportsEmailAddressChanges() {
+		return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.email, ""));
+	}
+
+	
+	/**
 	 * If the LDAP server will maintain team memberships then LdapUserService
 	 * will not allow team membership changes.  In this scenario all team
 	 * changes must be made on the LDAP server by the LDAP administrator.
@@ -114,7 +137,7 @@
 	 * @since 1.0.0
 	 */	
 	public boolean supportsTeamMembershipChanges() {
-		return !settings.getBoolean(Keys.realm.ldap_maintainTeams, false);
+		return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);
 	}
 
 	/**
@@ -135,8 +158,8 @@
 		LDAPConnection ldapConnection = getLdapConnection();		
 		if (ldapConnection != null) {
 			// Find the logging in user's DN
-			String accountBase = settings.getString(Keys.realm.ldap_accountBase, "");
-			String accountPattern = settings.getString(Keys.realm.ldap_accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
+			String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
+			String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
 			accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
 
 			SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);
@@ -145,7 +168,7 @@
 				String loggingInUserDN = loggingInUser.getDN();
 				
 				if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
-					logger.debug("Authenitcated: " + username);
+					logger.debug("LDAP authenticated: " + username);
 					
 					UserModel user = getUserModel(simpleUsername);
 					if (user == null)	// create user object for new authenticated user
@@ -176,7 +199,7 @@
 
 	private void setAdminAttribute(UserModel user) {
 	    user.canAdmin = false;
-	    List<String>  admins = settings.getStrings(Keys.realm.ldap_admins);
+	    List<String>  admins = settings.getStrings(Keys.realm.ldap.admins);
 	    for (String admin : admins) {
 	        if (admin.startsWith("@")) { // Team
 	            if (user.getTeam(admin.substring(1)) != null)
@@ -194,27 +217,31 @@
 		// Don't want visibility into the real password, make up a dummy
 		user.password = "StoredInLDAP";
 		
-		// Get Attributes for full name / email
-		String displayName = settings.getString(Keys.realm.ldap_displayName, "displayName");
-		String email = settings.getString(Keys.realm.ldap_email, "email");
+		// Get full name Attribute
+		String displayName = settings.getString(Keys.realm.ldap.displayName, "");		
+		if (!StringUtils.isEmpty(displayName)) {
+			// Replace embedded ${} with attributes
+			if (displayName.contains("${")) {
+				for (Attribute userAttribute : userEntry.getAttributes())
+					displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue());
 
-		// Replace embedded ${} with attributes
-		if (displayName.contains("${")) {
-			for (Attribute userAttribute : userEntry.getAttributes())
-				displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue());
-			
-			user.displayName = displayName;
-		} else {
-			user.displayName = userEntry.getAttribute(displayName).getValue();
+				user.displayName = displayName;
+			} else {
+				user.displayName = userEntry.getAttribute(displayName).getValue();
+			}
 		}
 		
-		if (email.contains("${")) {
-			for (Attribute userAttribute : userEntry.getAttributes())
-				email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue());
-			
-			user.emailAddress = email;
-		} else {
-			user.emailAddress = userEntry.getAttribute(email).getValue();
+		// Get email address Attribute
+		String email = settings.getString(Keys.realm.ldap.email, "");
+		if (!StringUtils.isEmpty(email)) {
+			if (email.contains("${")) {
+				for (Attribute userAttribute : userEntry.getAttributes())
+					email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue());
+
+				user.emailAddress = email;
+			} else {
+				user.emailAddress = userEntry.getAttribute(email).getValue();
+			}
 		}
 	}
 
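Review bot: The plain-attribute branches still dereference the lookup result directly, in `userEntry.getAttribute(displayName).getValue()` and `userEntry.getAttribute(email).getValue()`, so an entry that lacks the configured attribute would throw a NullPointerException during login, assuming getAttribute returns null for an absent attribute. A null-safe form would be `String value = userEntry.getAttributeValue(displayName);` followed by `if (value != null) user.displayName = value;`, and the same for email; getAttributeValue is already used in createTeamFromLdap. In the `${...}` branches, an attribute missing from the entry leaves its placeholder text in the stored display name or address, which deserves a fallback or at least a comment. The display-name and email blocks are now identical apart from the target field and could share one private helper. The enclosing method starts outside this hunk.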
@@ -222,8 +249,8 @@
 		String loggingInUserDN = loggingInUser.getDN();
 		
 		user.teams.clear();		// Clear the users team memberships - we're going to get them from LDAP
-		String groupBase = settings.getString(Keys.realm.ldap_groupBase, "");
-		String groupMemberPattern = settings.getString(Keys.realm.ldap_groupMemberPattern, "(&(objectClass=group)(member=${dn}))");
+		String groupBase = settings.getString(Keys.realm.ldap.groupBase, "");
+		String groupMemberPattern = settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");
 		
 		groupMemberPattern = StringUtils.replace(groupMemberPattern, "${dn}", escapeLDAPSearchFilter(loggingInUserDN));
 		groupMemberPattern = StringUtils.replace(groupMemberPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
@@ -250,7 +277,7 @@
 	
 	private TeamModel createTeamFromLdap(SearchResultEntry teamEntry) {
 		TeamModel answer = new TeamModel(teamEntry.getAttributeValue("cn"));
-		// If attributes other than team name ever from from LDAP, this is where to get them
+		// potentially retrieve other attributes here in the future
 		
 		return answer;		
 	}
@@ -271,7 +298,7 @@
 			ldapConnection.bind(userDn, password);
 			return true;
 		} catch (LDAPException e) {
-			logger.error("Error authenitcating user", e);
+			logger.error("Error authenticating user", e);
 			return false;
 		}
 	}
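Review bot: Nothing visible here rejects an empty password before `ldapConnection.bind(userDn, password)`, and many LDAP servers treat a simple bind with a DN and a zero-length password as an unauthenticated bind that succeeds (RFC 4513 section 5.1.2), which this method would then report as `true`. Unless the caller already refuses blank passwords, add a guard ahead of the bind such as `if (StringUtils.isEmpty(password)) return false;`. A failed bind is also the normal outcome of a mistyped password, so logging it at error level with the full exception will crowd the log during routine login failures; a lower level that records the result code may be enough. The method starts outside this hunk, so an existing check may sit above the visible lines.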

--
Gitblit v1.9.1