Documentation

James Moger

2012-04-24 6e15cb51ddcf24c725633c4ab1ff71959b036eb4

 src/com/gitblit/LdapUserService.java

@@ -20,6 +20,7 @@
import java.net.URI;

import java.net.URISyntaxException;

import java.security.GeneralSecurityException;

import java.util.List;



import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

@@ -55,7 +56,7 @@
   @Override

   public void setup(IStoredSettings settings) {

      this.settings = settings;

      String file = settings.getString(Keys.realm.ldap_backingUserService, "users.conf");

      String file = settings.getString(Keys.realm.ldap.backingUserService, "users.conf");

      File realmFile = GitBlit.getFileOrFolder(file);



      serviceImpl = createUserService(realmFile);

@@ -64,9 +65,9 @@
   

   private LDAPConnection getLdapConnection() {

      try {

         URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap_server));

         String bindUserName = settings.getString(Keys.realm.ldap_username, "");

         String bindPassword = settings.getString(Keys.realm.ldap_password, "");

         URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));

         String bindUserName = settings.getString(Keys.realm.ldap.username, "");

         String bindPassword = settings.getString(Keys.realm.ldap.password, "");

         int ldapPort = ldapUrl.getPort();

         

         if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) {   // SSL

@@ -113,7 +114,7 @@
    * @since 1.0.0

    */   

   public boolean supportsTeamMembershipChanges() {

      return !settings.getBoolean(Keys.realm.ldap_maintainTeams, false);

      return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);

   }



   /**

@@ -134,8 +135,8 @@
      LDAPConnection ldapConnection = getLdapConnection();      

      if (ldapConnection != null) {

         // Find the logging in user's DN

         String accountBase = settings.getString(Keys.realm.ldap_accountBase, "");

         String accountPattern = settings.getString(Keys.realm.ldap_accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");

         String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");

         String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");

         accountPattern = StringUtils.replace(accountPattern, "${username}", simpleUsername);



         SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);

@@ -144,7 +145,7 @@
            String loggingInUserDN = loggingInUser.getDN();

            

            if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {

               logger.debug("Authenitcated: " + username);

               logger.debug("LDAP authenticated: " + username);

               

               UserModel user = getUserModel(simpleUsername);

               if (user == null)   // create user object for new authenticated user

@@ -174,25 +175,24 @@
   }



   private void setAdminAttribute(UserModel user) {

      String adminString = settings.getString(Keys.realm.ldap_admins, "");

      String[] admins = adminString.split(" ");

      user.canAdmin = false;

      for (String admin : admins) {

         if (admin.startsWith("@")) { // Team

            if (user.getTeam(admin.substring(1)) != null)

               user.canAdmin = true;

         } else

            if (user.getName().equalsIgnoreCase(admin))

               user.canAdmin = true;

      }

       user.canAdmin = false;

       List<String>  admins = settings.getStrings(Keys.realm.ldap.admins);

       for (String admin : admins) {

           if (admin.startsWith("@")) { // Team

               if (user.getTeam(admin.substring(1)) != null)

                   user.canAdmin = true;

           } else

               if (user.getName().equalsIgnoreCase(admin))

                   user.canAdmin = true;

       }

   }



   private void getTeamsFromLdap(LDAPConnection ldapConnection, String simpleUsername, SearchResultEntry loggingInUser, UserModel user) {

      String loggingInUserDN = loggingInUser.getDN();

      

      user.teams.clear();      // Clear the users team memberships - we're going to get them from LDAP

      String groupBase = settings.getString(Keys.realm.ldap_groupBase, "");

      String groupMemberPattern = settings.getString(Keys.realm.ldap_groupMemberPattern, "(&(objectClass=group)(member=${dn}))");

      String groupBase = settings.getString(Keys.realm.ldap.groupBase, "");

      String groupMemberPattern = settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");

      

      groupMemberPattern = StringUtils.replace(groupMemberPattern, "${dn}", loggingInUserDN);

      groupMemberPattern = StringUtils.replace(groupMemberPattern, "${username}", simpleUsername);

@@ -219,14 +219,14 @@
   

   private TeamModel createTeamFromLdap(SearchResultEntry teamEntry) {

      TeamModel answer = new TeamModel(teamEntry.getAttributeValue("cn"));

      // If attributes other than team name ever from from LDAP, this is where to get them

      // potentially retrieve other attributes here in the future

      

      return answer;      

   }

   

   private UserModel createUserFromLdap(String simpleUserName, SearchResultEntry userEntry) {

      UserModel answer = new UserModel(simpleUserName);

      //If attributes other than user name ever from from LDAP, this is where to get them

      // potentially retrieve other attributes here in the future

      

      return answer;

   }

@@ -246,7 +246,7 @@
         ldapConnection.bind(userDn, password);

         return true;

      } catch (LDAPException e) {

         logger.error("Error authenitcating user", e);

         logger.error("Error authenticating user", e);

         return false;

      }

   }