From f3b625d298bab922c64192c25914e352bd87e59e Mon Sep 17 00:00:00 2001
From: John Crygier <john.crygier@aon.com>
Date: Tue, 10 Apr 2012 13:48:06 -0400
Subject: [PATCH] Rework LDAP implementation with unboundid.  Also allows for an LDAP server to be started with Gitblit GO (backed by an LDIF file).

---
 distrib/gitblit.properties |   52 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/distrib/gitblit.properties b/distrib/gitblit.properties
index acceb88..147f2a1 100644
--- a/distrib/gitblit.properties
+++ b/distrib/gitblit.properties
@@ -141,13 +141,6 @@
 # SINCE 1.0.0
 realm.ldap.server = ldap://my.ldap.server
 
-# The LDAP domain to prepend to all usernames during authentication.  If
-# unspecified, all logins must prepend the domain to their username.
-# e.g. mydomain
-#
-# SINCE 1.0.0
-realm.ldap.domain = 
-
 # Login username for LDAP searches.
 # The domain prefix may be omitted if it matches the domain specified in
 # *realm.ldap.domain*. If this value is unspecified, anonymous LDAP login will
@@ -182,6 +175,51 @@
 # SINCE 1.0.0
 realm.ldap.maintainTeams = false
 
+# Root node that all Users sit under in LDAP
+#
+# This is the node that searches for user information will begin from in LDAP
+# If blank, it will search ALL of ldap.  
+#
+# SINCE 1.0.0
+realm.ldap.accountBase = ou=people,dc=example,dc=com
+
+# Filter Criteria for Users in LDAP
+#
+# Query pattern to use when searching for a user account. This may be any valid 
+# LDAP query expression, including the standard (&) and (|) operators.
+# The variable ${username} is replaced  by the string entered by the end user
+#
+# SINCE 1.0.0
+realm.ldap.accountPattern = (&(objectClass=person)(sAMAccountName=${username}))
+
+# Root node that all Teams sit under in LDAP
+#
+# This is the node that searches for user information will begin from in LDAP
+# If blank, it will search ALL of ldap.  
+#
+# SINCE 1.0.0
+realm.ldap.groupBase = ou=groups,dc=example,dc=com
+
+# Filter Criteria for Teams in LDAP
+#
+# Query pattern to use when searching for a team. This may be any valid 
+# LDAP query expression, including the standard (&) and (|) operators.
+# The variable ${username} is replaced  by the string entered by the end user.
+# Other variables appearing in the pattern, such as ${fooBarAttribute}, 
+# are replaced with the value of the corresponding attribute (in this case, fooBarAttribute) 
+# as read from the user's account object matched under realm.ldap.accountBase. Attributes such 
+# as ${dn} or ${uidNumber} may be useful.
+#
+# SINCE 1.0.0
+realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn}))
+
+# Users and or teams that are Admins, read from LDAP
+#
+# This is a space delimited list.  If it starts with @, it indicates a Team Name  
+#
+# SINCE 1.0.0
+realm.ldap.admins= @Git_Admins
+
 #
 # Gitblit Web Settings
 #
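Review bot: The comments on `realm.ldap.accountPattern` and `realm.ldap.groupMemberPattern` say `${username}` is replaced by the string the end user entered, but not whether that string is escaped as an LDAP filter value first; the substitution code is not part of this diff, so this cannot be confirmed from here. If it is escaped, the comment should say so, e.g. `# ${username} is escaped per RFC 4515 before substitution`; if it is not, a login name containing filter metacharacters would alter the query, and the escaping belongs in the code that expands the pattern. The shipped default `realm.ldap.admins= @Git_Admins` grants administrator rights to a team of that name out of the box, and with a blank `realm.ldap.groupBase` the team search is documented to cover all of LDAP, so an empty default with `@Git_Admins` given as an example in the comment would be the safer distribution setting. The `realm.ldap.groupBase` comment also repeats "searches for user information" from the accountBase block and should read "team information".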

--
Gitblit v1.9.1