From 1d78b8b372f15d89f10fd32cb0227a6a7966de3c Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 17 Apr 2014 23:08:07 -0400
Subject: [PATCH] [findbugs] Clarify class used for resource loading

---
 src/main/distrib/data/gitblit.properties |  583 +++++++++++++++++++++++++++++++++++++++++++++------------
 1 files changed, 455 insertions(+), 128 deletions(-)

diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index 63d903d..3215094 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -83,7 +83,7 @@
 #
 # SINCE 1.3.0
 # RESTART REQUIRED
-git.daemonBindInterface = localhost
+git.daemonBindInterface = 
 
 # port for serving the Git Daemon service.  <= 0 disables this service.
 # On Unix/Linux systems, ports < 1024 require root permissions.
@@ -92,6 +92,52 @@
 # SINCE 1.3.0
 # RESTART REQUIRED
 git.daemonPort = 9418
+
+# The port for serving the SSH service.  <= 0 disables this service.
+# On Unix/Linux systems, ports < 1024 require root permissions.
+# Recommended value: 29418
+#
+# SINCE 1.5.0
+# RESTART REQUIRED
+git.sshPort = 29418
+
+# Specify the interface for the SSH daemon to bind its service.
+# You may specify an ip or an empty value to bind to all interfaces.
+# Specifying localhost will result in Gitblit ONLY listening to requests to
+# localhost.
+#
+# SINCE 1.5.0
+# RESTART REQUIRED
+git.sshBindInterface = 
+
+# Specify the SSH key manager to use for retrieving, storing, and removing
+# SSH keys.
+#
+# Valid key managers are:
+#    com.gitblit.transport.ssh.FileKeyManager
+#
+# SINCE 1.5.0
+git.sshKeysManager = com.gitblit.transport.ssh.FileKeyManager
+
+# Directory for storing user SSH keys when using the FileKeyManager.
+#
+# SINCE 1.5.0
+git.sshKeysFolder= ${baseFolder}/ssh
+
+# SSH backend NIO2|MINA.
+#
+# The Apache Mina project recommends using the NIO2 backend.
+#
+# SINCE 1.5.0
+git.sshBackend = NIO2
+
+# Number of threads used to parse a command line submitted by a client over SSH
+# for execution, create the internal data structures used by that command,
+# and schedule it for execution on another thread.
+#
+# SINCE 1.5.0
+git.sshCommandStartThreads = 2
+
 
 # Allow push/pull over http/https with JGit servlet.
 # If you do NOT want to allow Git clients to clone/push to Gitblit set this
@@ -131,6 +177,16 @@
 # SINCE 0.9.0
 git.onlyAccessBareRepositories = false
 
+
+# Specify the list of acceptable transports for pushes.
+# If this setting is empty, all transports are acceptable.
+#
+# Valid choices are: GIT HTTP HTTPS SSH
+#
+# SINCE 1.5.0
+# SPACE-DELIMITED
+git.acceptedPushTransports = HTTP HTTPS SSH
+
 # Allow an authenticated user to create a destination repository on a push if
 # the repository does not already exist.
 #
@@ -145,6 +201,18 @@
 # SINCE 1.2.0
 git.allowCreateOnPush = true
 
+# Global setting to control anonymous pushes.
+#
+# This setting allows/rejects anonymous pushes at the level of the receive pack.
+# This trumps all repository config settings.  While anonymous pushes are convenient
+# on your own box when you are a lone developer,  they are not recommended for
+# any multi-user installation where accountability is required.  Since Gitblit
+# tracks pushes and user accounts, allowing anonymous pushes compromises that
+# information.
+#
+# SINCE 1.4.0
+git.allowAnonymousPushes = false
+
 # The default access restriction for new repositories.
 # Valid values are NONE, PUSH, CLONE, VIEW
 #  NONE = anonymous view, clone, & push
@@ -153,7 +221,7 @@
 #  VIEW = authenticated view, clone, & push
 #
 # SINCE 1.0.0
-git.defaultAccessRestriction = NONE
+git.defaultAccessRestriction = PUSH
 
 # The default authorization control for new repositories.
 # Valid values are AUTHENTICATED and NAMED
@@ -162,6 +230,23 @@
 #
 # SINCE 1.1.0
 git.defaultAuthorizationControl = NAMED
+
+# The prefix for a users personal repository directory.
+#
+# Personal user repositories are created in this directory, named by the user name
+# prefixed with the userRepositoryPrefix. For eaxmple, a user 'john' would have his
+# personal repositories in the directory '~john'.
+#
+# Cannot be an empty string. Also, absolute paths are changed to relative paths by 
+# removing the first directory separator.
+#
+# It is not recommended to change this value AFTER your user's have created
+# personal repositories because it will break all permissions, ownership, and
+# repository push/pull operations. 
+#
+# RESTART REQUIRED
+# SINCE 1.4.0
+git.userRepositoryPrefix = ~
 
 # The default incremental push tag prefix.  Tag prefix applied to a repository
 # that has automatic push tags enabled and does not specify a custom tag prefix.
@@ -173,6 +258,18 @@
 #
 # SINCE 1.3.0
 git.defaultIncrementalPushTagPrefix = r
+
+# Controls creating a repository as --shared on Unix servers.
+#
+# In an Unix environment where mixed access methods exist for shared repositories,
+# the repository should be created with 'git init --shared' to make sure that
+# it can be accessed e.g. via ssh (user git) and http (user www-data).
+#
+# Valid values are the values available for the '--shared' option. The the manual
+# page for 'git init' for more information on shared repositories.
+#
+# SINCE 1.4.0
+git.createRepositoriesShared = false
 
 # Enable JGit-based garbage collection. (!!EXPERIMENTAL!!)
 #
@@ -234,6 +331,34 @@
 #
 # SINCE 1.2.0
 git.defaultGarbageCollectionPeriod = 7
+
+# Gitblit can automatically fetch ref updates for a properly configured mirror
+# repository.
+#
+# Requirements:
+# 1. you must manually clone the repository using native git
+#    git clone --mirror git://somewhere.com/myrepo.git
+# 2. the "origin" remote must be the mirror source
+# 3. the "origin" repository must be accessible without authentication OR the
+#    credentials must be embedded in the origin url (not recommended)
+#
+# Notes:
+# 1. "origin" SSH urls are untested and not likely to work
+# 2. mirrors cloned while Gitblit is running are likely to require clearing the
+#    gitblit cache (link on the repositories page of an administrator account)
+# 3. Gitblit will automatically repair any invalid fetch refspecs with a "//"
+#    sequence.
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+git.enableMirroring = false
+
+# Specify the period between update checks for mirrored repositories.
+# The shortest period you may specify between mirror update checks is 5 mins.
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+git.mirrorPeriod = 30 mins
 
 # Number of bytes of a pack file to load into memory in a single read operation.
 # This is the "page size" of the JGit buffer cache, used for all pack access
@@ -312,6 +437,33 @@
 # Common unit suffixes of k, m, or g are supported.
 # Documentation courtesy of the Gerrit project.
 #
+#
+# NOTE: The importance of JGit's streamFileTreshold AND Git's bigFileThreshold
+# ISSUE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=394078
+#
+# "core.bigFileThreshold  
+#
+#    Files larger than this size are stored deflated, without
+#    attempting delta compression.  Storing large files without
+#    delta compression avoids excessive memory usage, at the
+#    slight expense of increased disk usage.
+#
+#  Default is 512 MiB on all platforms.
+#  This should be reasonable for most projects as source code and other 
+#  text files can still be delta compressed, 
+#  but larger binary media files won't be."
+#  -- Git documentation
+#
+# If streamFileTreshold < bigFileTreshold you _may_ spend alot of time waiting
+# for push and/or fetch to complete.  It may even look hung.
+#
+# Until the issue is resolved gracefully, a workaround is to configure
+# bigFileThreshold < streamFileTreshold AND then repack the repository.
+#
+# e.g. from the repository folder with Gitblit NOT running:
+#     git config core.bigFileTreshold 40m
+#     git gc --aggressive
+#
 # SINCE 1.0.0
 # RESTART REQUIRED
 git.streamFileThreshold = 50m
@@ -332,6 +484,134 @@
 # SINCE 1.0.0
 # RESTART REQUIRED
 git.packedGitMmap = false
+
+# Validate all received (pushed) objects are valid.
+#
+# SINCE 1.5.0
+git.checkReceivedObjects = true
+
+# Validate all referenced but not supplied objects are reachable.
+#
+# If enabled, Gitblit will verify that references to objects not contained
+# within the received pack are already reachable through at least one other
+# reference advertised to clients.
+#
+# This feature is useful when Gitblit doesn't trust the client to not provide a
+# forged SHA-1 reference to an object, in an attempt to access parts of the DAG
+# that they aren't allowed to see and which have been hidden from them via the
+# configured AdvertiseRefsHook or RefFilter.
+#
+# Enabling this feature may imply at least some, if not all, of the same functionality
+# performed by git.checkReceivedObjects. 
+#
+# SINCE 1.5.0
+git.checkReferencedObjectsAreReachable = true
+
+# Set the maximum allowed Git object size.
+#
+# If an object is larger than the given size the pack-parsing will throw an exception
+# aborting the receive-pack operation.  The default value, 0, disables maximum
+# object size checking.
+#
+# SINCE 1.5.0
+git.maxObjectSizeLimit = 0
+
+# Set the maximum allowed pack size.
+#
+# A pack exceeding this size will be rejected. The default value, -1, disables
+# maximum pack size checking.
+#
+# SINCE 1.5.0
+git.maxPackSizeLimit = -1
+
+# Use the Gitblit patch receive pack for processing contributions and tickets.
+# This allows the user to push a patch using the familiar Gerrit syntax:
+#
+#    git push <remote> HEAD:refs/for/<targetBranch>
+#
+# NOTE:
+# This requires git.enableGitServlet = true AND it requires an authenticated
+# git transport connection (http/https) when pushing from a client.
+#
+# Valid services include:
+#    com.gitblit.tickets.FileTicketService
+#    com.gitblit.tickets.BranchTicketService
+#    com.gitblit.tickets.RedisTicketService
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+tickets.service = 
+
+# Globally enable or disable creation of new bug, enhancement, task, etc tickets
+# for all repositories.
+#
+# If false, no tickets can be created through the ui for any repositories.
+# If true, each repository can control if they allow new tickets to be created.
+#
+# NOTE:
+# If a repository is accepting patchsets, new proposal tickets can be created
+# regardless of this setting.
+#
+# SINCE 1.4.0
+tickets.acceptNewTickets = true
+
+# Globally enable or disable pushing patchsets to all repositories.
+#
+# If false, no patchsets will be accepted for any repositories.
+# If true, each repository can control if they accept new patchsets.
+#
+# NOTE:
+# If a repository is accepting patchsets, new proposal tickets can be created
+# regardless of the acceptNewTickets setting.
+#
+# SINCE 1.4.0
+tickets.acceptNewPatchsets = true
+
+# Default setting to control patchset merge through the web ui.  If true, patchsets
+# must have an approval score to enable the merge button.  This setting can be
+# overriden per-repository.
+#
+# SINCE 1.4.0
+tickets.requireApproval = false
+
+# The case-insensitive regular expression used to identify and close tickets on
+# push to the integration branch for commits that are NOT already referenced as
+# a patchset tip.
+#
+# SINCE 1.5.0
+tickets.closeOnPushCommitMessageRegex = (?:fixes|closes)[\\s-]+#?(\\d+)
+
+# Specify the location of the Lucene Ticket index
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+tickets.indexFolder = ${baseFolder}/tickets/lucene
+
+# Define the url for the Redis server.
+#
+# e.g. redis://localhost:6379
+#      redis://:foobared@localhost:6379/2
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+tickets.redis.url =
+
+# The number of tickets to display on a page.
+#
+# SINCE 1.4.0
+tickets.perPage = 25
+
+# The folder where plugins are loaded from.
+#
+# SINCE 1.5.0
+# RESTART REQUIRED
+# BASEFOLDER
+plugins.folder = ${baseFolder}/plugins
+
+# The registry of available plugins.
+#
+# SINCE 1.5.0
+plugins.registry = http://plugins.gitblit.com/plugins.json
 
 #
 # Groovy Integration
@@ -432,7 +712,7 @@
 #
 # SINCE 1.2.1
 # RESTART REQUIRED
-fanout.bindInterface = localhost
+fanout.bindInterface = 
 
 # port for serving the Fanout PubSub service.  <= 0 disables this service.
 # On Unix/Linux systems, ports < 1024 require root permissions.
@@ -493,16 +773,7 @@
 web.projectsFile = ${baseFolder}/projects.conf
 
 # Either the full path to a user config file (users.conf)
-# OR the full path to a simple user properties file (users.properties)
 # OR a fully qualified class name that implements the IUserService interface.
-#
-# Alternative user services:
-#    com.gitblit.LdapUserService
-#    com.gitblit.RedmineUserService
-#    com.gitblit.SalesforceUserService
-#    com.gitblit.WindowsUserService
-#    com.gitblit.PAMUserService
-#    com.gitblit.HtpasswdUserService
 #
 # Any custom user service implementation must have a public default constructor.
 #
@@ -510,6 +781,25 @@
 # RESTART REQUIRED
 # BASEFOLDER
 realm.userService = ${baseFolder}/users.conf
+
+# Ordered list of external authentication providers which will be used if
+# authentication against the local user service fails.
+#
+# Valid providers are:
+#
+#    htpasswd
+#    ldap
+#    pam
+#    redmine
+#    salesforce
+#    windows
+
+# e.g. realm.authenticationProviders = htpasswd windows
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+# SPACE-DELIMITED
+realm.authenticationProviders =
 
 # How to store passwords.
 # Valid values are plain, md5, or combined-md5.  md5 is the hash of password.
@@ -533,12 +823,25 @@
 # SINCE 0.5.0
 web.siteName =
 
+# The canonical url of your Gitblit server to bs used in email notifications.
+# e.g. web.canonicalUrl = https://demo-gitblit.rhcloud.com
+#
+# SINCE 1.4.0
+web.canonicalUrl = 
+
 # You may specify a different logo image for the header but it must be 120x45px.
 # If the specified file does not exist, the default Gitblit logo will be used.
 #
 # SINCE 1.3.0
 # BASEFOLDER
 web.headerLogo = ${baseFolder}/logo.png
+
+# You may specify a different link URL for the logo image anchor.
+# If blank the Gitblit main page URL is used.
+#
+# SINCE 1.3.0
+# BASEFOLDER
+web.rootLink =
 
 # You may specify a custom header background CSS color.  If unspecified, the
 # default color will be used.
@@ -588,6 +891,14 @@
 #
 # SINCE 0.5.0 
 web.allowAdministration = true
+
+# Setting to disable rendering the top-level navigation header which includes
+# the login form, top-level links like dashboard, repositories, search, etc.
+# This setting is only useful if you plan to embed Gitblit within another page
+# or system.
+#
+# SINCE 1.4.0
+web.hideHeader = false
 
 # Allows rpc clients to list repositories and possibly manage or administer the 
 # Gitblit server, if the authenticated account has administrator permissions.
@@ -849,10 +1160,13 @@
 # SINCE 0.8.0
 web.repositoryListSwatches = true
 
-# Choose the diff presentation style: gitblt, gitweb, or plain
+# Defines the default commit message renderer.  This can be configured
+# per-repository.
 #
-# SINCE 0.5.0
-web.diffStyle = gitblit
+# Valid values are: plain, markdown
+#
+# SINCE 1.4.0
+web.commitMessageRenderer = plain
 
 # Control if email addresses are shown in web ui
 #
@@ -865,11 +1179,16 @@
 # SINCE 0.5.0
 web.showSearchTypeSelection = false
 
-# Generates a line graph of repository activity over time on the Summary page.
-# This uses the Google Charts API.
+# Controls display of activity graphs on the dashboard, activity, and summary
+# pages.  Charting makes use of the external Google Charts API.
 #
 # SINCE 0.5.0 
 web.generateActivityGraph = true
+
+# Displays the commits branch graph in the summary page and commits/log page.
+#
+# SINCE 1.4.0
+web.showBranchGraph = true
 
 # The default number of days to show on the activity page.
 # Value must exceed 0 else default of 7 is used
@@ -923,6 +1242,11 @@
 # SINCE 0.5.0
 web.summaryRefsCount = 5
 
+# Show a README file, if available, on the summary page.
+#
+# SINCE 1.4.0
+web.summaryShowReadme = false
+
 # The number of items to show on a page before showing the first, prev, next
 # pagination links.  A default of 50 is used for any invalid value.
 #
@@ -940,6 +1264,16 @@
 #
 # SINCE 1.3.0
 web.reflogChangesPerPage = 10
+
+# Specify the names of documents in the root of your repository to be displayed
+# in tabs on your repository docs page.  If the name is not found in the root
+# then no tab is added.  The order specified is the order displayed.  Do not
+# specify a file extension as the aggregation of markup extensions + txt are used
+# in the search algorithm.
+#
+# SPACE-DELIMITED
+# SINCE 1.4.0
+web.documents = readme home index changelog contributing submitting_patches copying license notice authors
 
 # Registered file extensions to ignore during Lucene indexing
 #
@@ -959,6 +1293,41 @@
 # CASE-SENSITIVE
 # SINCE 0.5.0
 web.markdownExtensions = md mkd markdown MD MKD
+
+# Registered extensions for mediawiki transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.mediawikiExtensions = mw mediawiki
+
+# Registered extensions for twiki transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.twikiExtensions = twiki
+
+# Registered extensions for textile transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.textileExtensions = textile
+
+# Registered extensions for confluence transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.confluenceExtensions = confluence
+
+# Registered extensions for tracwiki transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.tracwikiExtensions = tracwiki
 
 # Image extensions
 #
@@ -997,19 +1366,24 @@
 # Enable/disable global regex substitutions (i.e. shared across repositories)
 #
 # SINCE 0.5.0
+# DEPRECATED 1.4.0 (migrate to bugtraq instead)
 regex.global = true
 
 # Example global regex substitutions
 # Use !!! to separate the search pattern and the replace pattern
 # searchpattern!!!replacepattern
 # SINCE 0.5.0
-regex.global.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!<a href="http://somehost/bug/$3">Bug-Id: $3</a>
+
+# regex.global.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!Bug: <a href="http://somehost/bug/$3">$3</a>
 # SINCE 0.5.0
-regex.global.changeid = \\b(Change-Id:\\s*)([A-Za-z0-9]*)\\b!!!<a href="http://somehost/changeid/$2">Change-Id: $2</a>
+
+# Example Gerrit links
+# regex.global.changeid = \\b(Change-Id:\\s*)([A-Za-z0-9]*)\\b!!!Change-Id: <a href="http://somehost/r/#q,$2,n,z">$2</a>
+# regex.global.reviewedon = \\b(Reviewed-on:\\s*)([A-Za-z0-9:/\\.]*)\\b!!!Reviewed-on: <a href="$2">$2</a>
 
 # Example per-repository regex substitutions overrides global
 # SINCE 0.5.0
-regex.myrepository.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!<a href="http://elsewhere/bug/$3">Bug-Id: $3</a>
+# regex.myrepository.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!Bug: <a href="http://elsewhere/bug/$3">$3</a>
 
 #
 # Mail Settings
@@ -1193,19 +1567,16 @@
 # SINCE 1.3.0
 realm.container.autoCreateAccounts = false
 
-# The WindowsUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.0
-realm.windows.backingUserService = ${baseFolder}/users.conf
-
 # Allow or prohibit Windows guest account logins
 #
 # SINCE 1.3.0
 realm.windows.allowGuests = false
+
+# Allow user accounts belonging to the BUILTIN\Administrators group to be
+# Gitblit administrators.
+#
+# SINCE 1.4.0
+realm.windows.permitBuiltInAdministrators = true
 
 # The default domain for authentication.
 #
@@ -1219,29 +1590,11 @@
 # SINCE 1.3.0
 realm.windows.defaultDomain =
 
-# The PAMUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.1
-realm.pam.backingUserService = ${baseFolder}/users.conf
-
 # The PAM service name for authentication.
 # default: system-auth
 #
 # SINCE 1.3.1
 realm.pam.serviceName = system-auth
-
-# The HtpasswdUserService must be backed by another user service for standard user
-# and team management and attributes. This can be one of the local Gitblit user services.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.2
-realm.htpasswd.backingUserService = ${baseFolder}/users.conf
 
 # The Apache htpasswd file that contains the users and passwords.
 # default: ${baseFolder}/htpasswd
@@ -1250,30 +1603,6 @@
 # BASEFOLDER
 # SINCE 1.3.2
 realm.htpasswd.userfile = ${baseFolder}/htpasswd
-
-#  Determines how accounts are looked up upon login.
-#
-# If set to false, then authentication for local accounts is done against
-# the backing user service.
-# If set to true, then authentication will first be checked against the
-# htpasswd store, even if the account appears as a local account in the
-# backing user service. If the user is found in the htpasswd store, then
-# an already existing local account will be turned into an external account.
-# In this case an initial local password is never used and gets overwritten
-# by the externally stored password upon login.
-# default: false
-#
-# SINCE 1.3.2
-realm.htpasswd.overrideLocalAuthentication = false
-
-# The SalesforceUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.0
-realm.salesforce.backingUserService = ${baseFolder}/users.conf
 
 # Restrict the Salesforce user to members of this org.
 # default: 0 (i.e. do not check the Org ID)
@@ -1301,14 +1630,14 @@
 # SINCE 1.0.0
 realm.ldap.password = password
 
-# The LdapUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
+# Bind pattern for Authentication.
+# Allow to directly authenticate an user without LDAP Searches.
+# 
+# e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
 #
-# SINCE 1.0.0
-# RESTART REQUIRED
-# BASEFOLDER
-realm.ldap.backingUserService = ${baseFolder}/users.conf
+# SINCE 1.5.0
+realm.ldap.bindpattern = 
+
 
 # Delegate team membership control to LDAP.
 #
@@ -1366,10 +1695,20 @@
 # SINCE 1.0.0
 realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn}))
 
+# Filter criteria for empty LDAP groups
+#
+# Query pattern to use when searching for an empty team. This may be any valid 
+# LDAP query expression, including the standard (&) and (|) operators.
+#
+# default: (&(objectClass=group)(!(member=*)))
+# SINCE 1.4.0
+realm.ldap.groupEmptyMemberPattern = (&(objectClass=group)(!(member=*)))
+
 # LDAP users or groups that should be given administrator privileges.
 #
 # Teams are specified with a leading '@' character.  Groups with spaces in the
-# name can be entered as "@team name".
+# name can be entered as "@team name".  This setting only applies when using
+# LDAP to maintain team memberships.
 #
 # e.g. realm.ldap.admins = john @git_admins "@git admins"
 #
@@ -1399,43 +1738,44 @@
 # SINCE 1.0.0
 realm.ldap.email = email
 
-# Defines the cache period to be used when caching LDAP queries. This is currently
-# only used for LDAP user synchronization.
-#
-# Must be of the form '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS' 
-# default: 2 MINUTES
-#
-# RESTART REQUIRED
-realm.ldap.ldapCachePeriod = 2 MINUTES
-
-# Defines whether to synchronize all LDAP users into the backing user service
-#
-# Valid values: true, false
-# If left blank, false is assumed
-realm.ldap.synchronizeUsers.enable = false
-
-# Defines whether to delete non-existent LDAP users from the backing user service
-# during synchronization. depends on  realm.ldap.synchronizeUsers.enable = true
-#
-# Valid values: true, false
-# If left blank, true is assumed
-realm.ldap.synchronizeUsers.removeDeleted = true
-
 # Attribute on the USER record that indicate their username to be used in gitblit
 # when synchronizing users from LDAP
 # if blank, Gitblit will use uid
 # For MS Active Directory this may be sAMAccountName
+#
+# SINCE 1.0.0
 realm.ldap.uid = uid
 
-# The RedmineUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
+# Defines whether to synchronize all LDAP users and teams into the user service
+#
+# Valid values: true, false
+# If left blank, false is assumed
+#
+# SINCE 1.4.0
+realm.ldap.synchronize = false
+
+# Defines the period to be used when synchronizing users and teams from ldap.
+#
+# Must be of the form '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS' 
+
+# default: 5 MINUTES
 #
 # RESTART REQUIRED
-# BASEFOLDER
-realm.redmine.backingUserService = ${baseFolder}/users.conf
+# SINCE 1.4.0
+realm.ldap.syncPeriod = 5 MINUTES
+
+# Defines whether to delete non-existent LDAP users from the user service
+# during synchronization. depends on  realm.ldap.synchronize = true
+#
+# Valid values: true, false
+# If left blank, true is assumed
+#
+# SINCE 1.4.0
+realm.ldap.removeDeletedUsers = true
 
 # URL of the Redmine.
+#
+# SINCE 1.2.0
 realm.redmine.url = http://example.com/redmine
 
 #
@@ -1448,12 +1788,6 @@
 # RESTART REQUIRED
 # BASEFOLDER
 server.tempFolder = ${baseFolder}/temp
-
-# Use Jetty NIO connectors.  If false, Jetty Socket connectors will be used.
-#
-# SINCE 0.5.0
-# RESTART REQUIRED
-server.useNio = true
 
 # Specify the maximum number of concurrent http/https worker threads to allow. 
 #
@@ -1484,13 +1818,15 @@
 # RESTART REQUIRED
 server.httpsPort = 8443
 
-# Port for serving an Apache JServ Protocol (AJP) 1.3 connector for integrating
-# Gitblit GO into an Apache HTTP server setup.  <= 0 disables this connector.
-# Recommended value: 8009
+# Automatically redirect http requests to the secure https connector.
 #
-# SINCE 0.9.0
+# This setting requires that you have configured server.httpPort and server.httpsPort.
+# Unless you are on a private LAN where you trust all client connections, it is
+# recommended to use https for all communications.
+#
+# SINCE 1.4.0
 # RESTART REQUIRED
-server.ajpPort = 0
+server.redirectToHttpsPort = false
 
 # Specify the interface for Jetty to bind the standard connector.
 # You may specify an ip or an empty value to bind to all interfaces.
@@ -1499,7 +1835,7 @@
 #
 # SINCE 0.5.0
 # RESTART REQUIRED
-server.httpBindInterface = localhost
+server.httpBindInterface =
 
 # Specify the interface for Jetty to bind the secure connector.
 # You may specify an ip or an empty value to bind to all interfaces.
@@ -1508,16 +1844,7 @@
 #
 # SINCE 0.5.0
 # RESTART REQUIRED
-server.httpsBindInterface = localhost
-
-# Specify the interface for Jetty to bind the AJP connector.
-# You may specify an ip or an empty value to bind to all interfaces.
-# Specifying localhost will result in Gitblit ONLY listening to requests to
-# localhost.
-#
-# SINCE 0.9.0
-# RESTART REQUIRED
-server.ajpBindInterface = localhost
+server.httpsBindInterface =
 
 # Alias of certificate to use for https/SSL serving.  If blank the first
 # certificate found in the keystore will be used. 

--
Gitblit v1.9.1