From f76fee63ed9cb3a30d3c0c092d860b1cb93a481b Mon Sep 17 00:00:00 2001
From: Gerard Smyth <gerard.smyth@gmail.com>
Date: Thu, 08 May 2014 13:09:30 -0400
Subject: [PATCH] Updated the SyndicationServlet to provide an additional option to return details of the tags in the repository instead of the commits. This uses a new 'ot' request parameter to indicate the object type of the content to return, which can be ither TAG or COMMIT. If this is not provided, then COMMIT is assumed to maintain backwards compatability. If tags are returned, then the paging parameters, 'l' and 'pg' are still supported, but searching options are currently ignored.

---
 src/main/distrib/data/gitblit.properties |  587 +++++++++++++++++++++++++++++++++++++++++++++-------------
 1 files changed, 457 insertions(+), 130 deletions(-)

diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index 9be7f64..3215094 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -83,7 +83,7 @@
 #
 # SINCE 1.3.0
 # RESTART REQUIRED
-git.daemonBindInterface = localhost
+git.daemonBindInterface = 
 
 # port for serving the Git Daemon service.  <= 0 disables this service.
 # On Unix/Linux systems, ports < 1024 require root permissions.
@@ -92,6 +92,52 @@
 # SINCE 1.3.0
 # RESTART REQUIRED
 git.daemonPort = 9418
+
+# The port for serving the SSH service.  <= 0 disables this service.
+# On Unix/Linux systems, ports < 1024 require root permissions.
+# Recommended value: 29418
+#
+# SINCE 1.5.0
+# RESTART REQUIRED
+git.sshPort = 29418
+
+# Specify the interface for the SSH daemon to bind its service.
+# You may specify an ip or an empty value to bind to all interfaces.
+# Specifying localhost will result in Gitblit ONLY listening to requests to
+# localhost.
+#
+# SINCE 1.5.0
+# RESTART REQUIRED
+git.sshBindInterface = 
+
+# Specify the SSH key manager to use for retrieving, storing, and removing
+# SSH keys.
+#
+# Valid key managers are:
+#    com.gitblit.transport.ssh.FileKeyManager
+#
+# SINCE 1.5.0
+git.sshKeysManager = com.gitblit.transport.ssh.FileKeyManager
+
+# Directory for storing user SSH keys when using the FileKeyManager.
+#
+# SINCE 1.5.0
+git.sshKeysFolder= ${baseFolder}/ssh
+
+# SSH backend NIO2|MINA.
+#
+# The Apache Mina project recommends using the NIO2 backend.
+#
+# SINCE 1.5.0
+git.sshBackend = NIO2
+
+# Number of threads used to parse a command line submitted by a client over SSH
+# for execution, create the internal data structures used by that command,
+# and schedule it for execution on another thread.
+#
+# SINCE 1.5.0
+git.sshCommandStartThreads = 2
+
 
 # Allow push/pull over http/https with JGit servlet.
 # If you do NOT want to allow Git clients to clone/push to Gitblit set this
@@ -131,6 +177,16 @@
 # SINCE 0.9.0
 git.onlyAccessBareRepositories = false
 
+
+# Specify the list of acceptable transports for pushes.
+# If this setting is empty, all transports are acceptable.
+#
+# Valid choices are: GIT HTTP HTTPS SSH
+#
+# SINCE 1.5.0
+# SPACE-DELIMITED
+git.acceptedPushTransports = HTTP HTTPS SSH
+
 # Allow an authenticated user to create a destination repository on a push if
 # the repository does not already exist.
 #
@@ -145,6 +201,18 @@
 # SINCE 1.2.0
 git.allowCreateOnPush = true
 
+# Global setting to control anonymous pushes.
+#
+# This setting allows/rejects anonymous pushes at the level of the receive pack.
+# This trumps all repository config settings.  While anonymous pushes are convenient
+# on your own box when you are a lone developer,  they are not recommended for
+# any multi-user installation where accountability is required.  Since Gitblit
+# tracks pushes and user accounts, allowing anonymous pushes compromises that
+# information.
+#
+# SINCE 1.4.0
+git.allowAnonymousPushes = false
+
 # The default access restriction for new repositories.
 # Valid values are NONE, PUSH, CLONE, VIEW
 #  NONE = anonymous view, clone, & push
@@ -153,7 +221,7 @@
 #  VIEW = authenticated view, clone, & push
 #
 # SINCE 1.0.0
-git.defaultAccessRestriction = NONE
+git.defaultAccessRestriction = PUSH
 
 # The default authorization control for new repositories.
 # Valid values are AUTHENTICATED and NAMED
@@ -162,6 +230,23 @@
 #
 # SINCE 1.1.0
 git.defaultAuthorizationControl = NAMED
+
+# The prefix for a users personal repository directory.
+#
+# Personal user repositories are created in this directory, named by the user name
+# prefixed with the userRepositoryPrefix. For eaxmple, a user 'john' would have his
+# personal repositories in the directory '~john'.
+#
+# Cannot be an empty string. Also, absolute paths are changed to relative paths by 
+# removing the first directory separator.
+#
+# It is not recommended to change this value AFTER your user's have created
+# personal repositories because it will break all permissions, ownership, and
+# repository push/pull operations. 
+#
+# RESTART REQUIRED
+# SINCE 1.4.0
+git.userRepositoryPrefix = ~
 
 # The default incremental push tag prefix.  Tag prefix applied to a repository
 # that has automatic push tags enabled and does not specify a custom tag prefix.
@@ -173,6 +258,18 @@
 #
 # SINCE 1.3.0
 git.defaultIncrementalPushTagPrefix = r
+
+# Controls creating a repository as --shared on Unix servers.
+#
+# In an Unix environment where mixed access methods exist for shared repositories,
+# the repository should be created with 'git init --shared' to make sure that
+# it can be accessed e.g. via ssh (user git) and http (user www-data).
+#
+# Valid values are the values available for the '--shared' option. The the manual
+# page for 'git init' for more information on shared repositories.
+#
+# SINCE 1.4.0
+git.createRepositoriesShared = false
 
 # Enable JGit-based garbage collection. (!!EXPERIMENTAL!!)
 #
@@ -234,6 +331,34 @@
 #
 # SINCE 1.2.0
 git.defaultGarbageCollectionPeriod = 7
+
+# Gitblit can automatically fetch ref updates for a properly configured mirror
+# repository.
+#
+# Requirements:
+# 1. you must manually clone the repository using native git
+#    git clone --mirror git://somewhere.com/myrepo.git
+# 2. the "origin" remote must be the mirror source
+# 3. the "origin" repository must be accessible without authentication OR the
+#    credentials must be embedded in the origin url (not recommended)
+#
+# Notes:
+# 1. "origin" SSH urls are untested and not likely to work
+# 2. mirrors cloned while Gitblit is running are likely to require clearing the
+#    gitblit cache (link on the repositories page of an administrator account)
+# 3. Gitblit will automatically repair any invalid fetch refspecs with a "//"
+#    sequence.
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+git.enableMirroring = false
+
+# Specify the period between update checks for mirrored repositories.
+# The shortest period you may specify between mirror update checks is 5 mins.
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+git.mirrorPeriod = 30 mins
 
 # Number of bytes of a pack file to load into memory in a single read operation.
 # This is the "page size" of the JGit buffer cache, used for all pack access
@@ -312,6 +437,33 @@
 # Common unit suffixes of k, m, or g are supported.
 # Documentation courtesy of the Gerrit project.
 #
+#
+# NOTE: The importance of JGit's streamFileTreshold AND Git's bigFileThreshold
+# ISSUE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=394078
+#
+# "core.bigFileThreshold  
+#
+#    Files larger than this size are stored deflated, without
+#    attempting delta compression.  Storing large files without
+#    delta compression avoids excessive memory usage, at the
+#    slight expense of increased disk usage.
+#
+#  Default is 512 MiB on all platforms.
+#  This should be reasonable for most projects as source code and other 
+#  text files can still be delta compressed, 
+#  but larger binary media files won't be."
+#  -- Git documentation
+#
+# If streamFileTreshold < bigFileTreshold you _may_ spend alot of time waiting
+# for push and/or fetch to complete.  It may even look hung.
+#
+# Until the issue is resolved gracefully, a workaround is to configure
+# bigFileThreshold < streamFileTreshold AND then repack the repository.
+#
+# e.g. from the repository folder with Gitblit NOT running:
+#     git config core.bigFileTreshold 40m
+#     git gc --aggressive
+#
 # SINCE 1.0.0
 # RESTART REQUIRED
 git.streamFileThreshold = 50m
@@ -332,6 +484,134 @@
 # SINCE 1.0.0
 # RESTART REQUIRED
 git.packedGitMmap = false
+
+# Validate all received (pushed) objects are valid.
+#
+# SINCE 1.5.0
+git.checkReceivedObjects = true
+
+# Validate all referenced but not supplied objects are reachable.
+#
+# If enabled, Gitblit will verify that references to objects not contained
+# within the received pack are already reachable through at least one other
+# reference advertised to clients.
+#
+# This feature is useful when Gitblit doesn't trust the client to not provide a
+# forged SHA-1 reference to an object, in an attempt to access parts of the DAG
+# that they aren't allowed to see and which have been hidden from them via the
+# configured AdvertiseRefsHook or RefFilter.
+#
+# Enabling this feature may imply at least some, if not all, of the same functionality
+# performed by git.checkReceivedObjects. 
+#
+# SINCE 1.5.0
+git.checkReferencedObjectsAreReachable = true
+
+# Set the maximum allowed Git object size.
+#
+# If an object is larger than the given size the pack-parsing will throw an exception
+# aborting the receive-pack operation.  The default value, 0, disables maximum
+# object size checking.
+#
+# SINCE 1.5.0
+git.maxObjectSizeLimit = 0
+
+# Set the maximum allowed pack size.
+#
+# A pack exceeding this size will be rejected. The default value, -1, disables
+# maximum pack size checking.
+#
+# SINCE 1.5.0
+git.maxPackSizeLimit = -1
+
+# Use the Gitblit patch receive pack for processing contributions and tickets.
+# This allows the user to push a patch using the familiar Gerrit syntax:
+#
+#    git push <remote> HEAD:refs/for/<targetBranch>
+#
+# NOTE:
+# This requires git.enableGitServlet = true AND it requires an authenticated
+# git transport connection (http/https) when pushing from a client.
+#
+# Valid services include:
+#    com.gitblit.tickets.FileTicketService
+#    com.gitblit.tickets.BranchTicketService
+#    com.gitblit.tickets.RedisTicketService
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+tickets.service = 
+
+# Globally enable or disable creation of new bug, enhancement, task, etc tickets
+# for all repositories.
+#
+# If false, no tickets can be created through the ui for any repositories.
+# If true, each repository can control if they allow new tickets to be created.
+#
+# NOTE:
+# If a repository is accepting patchsets, new proposal tickets can be created
+# regardless of this setting.
+#
+# SINCE 1.4.0
+tickets.acceptNewTickets = true
+
+# Globally enable or disable pushing patchsets to all repositories.
+#
+# If false, no patchsets will be accepted for any repositories.
+# If true, each repository can control if they accept new patchsets.
+#
+# NOTE:
+# If a repository is accepting patchsets, new proposal tickets can be created
+# regardless of the acceptNewTickets setting.
+#
+# SINCE 1.4.0
+tickets.acceptNewPatchsets = true
+
+# Default setting to control patchset merge through the web ui.  If true, patchsets
+# must have an approval score to enable the merge button.  This setting can be
+# overriden per-repository.
+#
+# SINCE 1.4.0
+tickets.requireApproval = false
+
+# The case-insensitive regular expression used to identify and close tickets on
+# push to the integration branch for commits that are NOT already referenced as
+# a patchset tip.
+#
+# SINCE 1.5.0
+tickets.closeOnPushCommitMessageRegex = (?:fixes|closes)[\\s-]+#?(\\d+)
+
+# Specify the location of the Lucene Ticket index
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+tickets.indexFolder = ${baseFolder}/tickets/lucene
+
+# Define the url for the Redis server.
+#
+# e.g. redis://localhost:6379
+#      redis://:foobared@localhost:6379/2
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+tickets.redis.url =
+
+# The number of tickets to display on a page.
+#
+# SINCE 1.4.0
+tickets.perPage = 25
+
+# The folder where plugins are loaded from.
+#
+# SINCE 1.5.0
+# RESTART REQUIRED
+# BASEFOLDER
+plugins.folder = ${baseFolder}/plugins
+
+# The registry of available plugins.
+#
+# SINCE 1.5.0
+plugins.registry = http://plugins.gitblit.com/plugins.json
 
 #
 # Groovy Integration
@@ -432,7 +712,7 @@
 #
 # SINCE 1.2.1
 # RESTART REQUIRED
-fanout.bindInterface = localhost
+fanout.bindInterface = 
 
 # port for serving the Fanout PubSub service.  <= 0 disables this service.
 # On Unix/Linux systems, ports < 1024 require root permissions.
@@ -493,16 +773,7 @@
 web.projectsFile = ${baseFolder}/projects.conf
 
 # Either the full path to a user config file (users.conf)
-# OR the full path to a simple user properties file (users.properties)
 # OR a fully qualified class name that implements the IUserService interface.
-#
-# Alternative user services:
-#    com.gitblit.LdapUserService
-#    com.gitblit.RedmineUserService
-#    com.gitblit.SalesforceUserService
-#    com.gitblit.WindowsUserService
-#    com.gitblit.PAMUserService
-#    com.gitblit.HtpasswdUserService
 #
 # Any custom user service implementation must have a public default constructor.
 #
@@ -510,6 +781,25 @@
 # RESTART REQUIRED
 # BASEFOLDER
 realm.userService = ${baseFolder}/users.conf
+
+# Ordered list of external authentication providers which will be used if
+# authentication against the local user service fails.
+#
+# Valid providers are:
+#
+#    htpasswd
+#    ldap
+#    pam
+#    redmine
+#    salesforce
+#    windows
+
+# e.g. realm.authenticationProviders = htpasswd windows
+#
+# SINCE 1.4.0
+# RESTART REQUIRED
+# SPACE-DELIMITED
+realm.authenticationProviders =
 
 # How to store passwords.
 # Valid values are plain, md5, or combined-md5.  md5 is the hash of password.
@@ -533,12 +823,25 @@
 # SINCE 0.5.0
 web.siteName =
 
+# The canonical url of your Gitblit server to bs used in email notifications.
+# e.g. web.canonicalUrl = https://demo-gitblit.rhcloud.com
+#
+# SINCE 1.4.0
+web.canonicalUrl = 
+
 # You may specify a different logo image for the header but it must be 120x45px.
 # If the specified file does not exist, the default Gitblit logo will be used.
 #
 # SINCE 1.3.0
 # BASEFOLDER
 web.headerLogo = ${baseFolder}/logo.png
+
+# You may specify a different link URL for the logo image anchor.
+# If blank the Gitblit main page URL is used.
+#
+# SINCE 1.3.0
+# BASEFOLDER
+web.rootLink =
 
 # You may specify a custom header background CSS color.  If unspecified, the
 # default color will be used.
@@ -588,6 +891,14 @@
 #
 # SINCE 0.5.0 
 web.allowAdministration = true
+
+# Setting to disable rendering the top-level navigation header which includes
+# the login form, top-level links like dashboard, repositories, search, etc.
+# This setting is only useful if you plan to embed Gitblit within another page
+# or system.
+#
+# SINCE 1.4.0
+web.hideHeader = false
 
 # Allows rpc clients to list repositories and possibly manage or administer the 
 # Gitblit server, if the authenticated account has administrator permissions.
@@ -849,10 +1160,13 @@
 # SINCE 0.8.0
 web.repositoryListSwatches = true
 
-# Choose the diff presentation style: gitblt, gitweb, or plain
+# Defines the default commit message renderer.  This can be configured
+# per-repository.
 #
-# SINCE 0.5.0
-web.diffStyle = gitblit
+# Valid values are: plain, markdown
+#
+# SINCE 1.4.0
+web.commitMessageRenderer = plain
 
 # Control if email addresses are shown in web ui
 #
@@ -865,11 +1179,16 @@
 # SINCE 0.5.0
 web.showSearchTypeSelection = false
 
-# Generates a line graph of repository activity over time on the Summary page.
-# This uses the Google Charts API.
+# Controls display of activity graphs on the dashboard, activity, and summary
+# pages.  Charting makes use of the external Google Charts API.
 #
 # SINCE 0.5.0 
 web.generateActivityGraph = true
+
+# Displays the commits branch graph in the summary page and commits/log page.
+#
+# SINCE 1.4.0
+web.showBranchGraph = true
 
 # The default number of days to show on the activity page.
 # Value must exceed 0 else default of 7 is used
@@ -923,6 +1242,11 @@
 # SINCE 0.5.0
 web.summaryRefsCount = 5
 
+# Show a README file, if available, on the summary page.
+#
+# SINCE 1.4.0
+web.summaryShowReadme = false
+
 # The number of items to show on a page before showing the first, prev, next
 # pagination links.  A default of 50 is used for any invalid value.
 #
@@ -941,11 +1265,21 @@
 # SINCE 1.3.0
 web.reflogChangesPerPage = 10
 
+# Specify the names of documents in the root of your repository to be displayed
+# in tabs on your repository docs page.  If the name is not found in the root
+# then no tab is added.  The order specified is the order displayed.  Do not
+# specify a file extension as the aggregation of markup extensions + txt are used
+# in the search algorithm.
+#
+# SPACE-DELIMITED
+# SINCE 1.4.0
+web.documents = readme home index changelog contributing submitting_patches copying license notice authors
+
 # Registered file extensions to ignore during Lucene indexing
 #
 # SPACE-DELIMITED
 # SINCE 0.9.0
-web.luceneIgnoreExtensions = 7z arc arj bin bmp dll doc docx exe gif gz jar jpg lib lzh odg odf odt pdf ppt png so swf xcf xls xlsx zip
+web.luceneIgnoreExtensions = 7z arc arj bin bmp dll doc docx exe gif gz jar jpg lib lzh odg odf odt pdf ppt pptx png so swf tar xcf xls xlsx zip
 
 # Registered extensions for google-code-prettify
 #
@@ -960,6 +1294,41 @@
 # SINCE 0.5.0
 web.markdownExtensions = md mkd markdown MD MKD
 
+# Registered extensions for mediawiki transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.mediawikiExtensions = mw mediawiki
+
+# Registered extensions for twiki transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.twikiExtensions = twiki
+
+# Registered extensions for textile transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.textileExtensions = textile
+
+# Registered extensions for confluence transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.confluenceExtensions = confluence
+
+# Registered extensions for tracwiki transformation
+#
+# SPACE-DELIMITED
+# CASE-SENSITIVE
+# SINCE 1.4.0
+web.tracwikiExtensions = tracwiki
+
 # Image extensions
 #
 # SPACE-DELIMITED
@@ -970,7 +1339,7 @@
 #
 # SPACE-DELIMITED
 # SINCE 0.5.0
-web.binaryExtensions = jar pdf tar.gz zip
+web.binaryExtensions = 7z arc arj bin dll doc docx exe gz jar lib lzh odg odf odt pdf ppt pptx so tar xls xlsx zip
 
 # Aggressive heap management will run the garbage collector on every generated
 # page.  This slows down page generation a little but improves heap consumption. 
@@ -997,19 +1366,24 @@
 # Enable/disable global regex substitutions (i.e. shared across repositories)
 #
 # SINCE 0.5.0
+# DEPRECATED 1.4.0 (migrate to bugtraq instead)
 regex.global = true
 
 # Example global regex substitutions
 # Use !!! to separate the search pattern and the replace pattern
 # searchpattern!!!replacepattern
 # SINCE 0.5.0
-regex.global.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!<a href="http://somehost/bug/$3">Bug-Id: $3</a>
+
+# regex.global.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!Bug: <a href="http://somehost/bug/$3">$3</a>
 # SINCE 0.5.0
-regex.global.changeid = \\b(Change-Id:\\s*)([A-Za-z0-9]*)\\b!!!<a href="http://somehost/changeid/$2">Change-Id: $2</a>
+
+# Example Gerrit links
+# regex.global.changeid = \\b(Change-Id:\\s*)([A-Za-z0-9]*)\\b!!!Change-Id: <a href="http://somehost/r/#q,$2,n,z">$2</a>
+# regex.global.reviewedon = \\b(Reviewed-on:\\s*)([A-Za-z0-9:/\\.]*)\\b!!!Reviewed-on: <a href="$2">$2</a>
 
 # Example per-repository regex substitutions overrides global
 # SINCE 0.5.0
-regex.myrepository.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!<a href="http://elsewhere/bug/$3">Bug-Id: $3</a>
+# regex.myrepository.bug = \\b(Bug:)(\\s*[#]?|-){0,1}(\\d+)\\b!!!Bug: <a href="http://elsewhere/bug/$3">$3</a>
 
 #
 # Mail Settings
@@ -1193,19 +1567,16 @@
 # SINCE 1.3.0
 realm.container.autoCreateAccounts = false
 
-# The WindowsUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.0
-realm.windows.backingUserService = ${baseFolder}/users.conf
-
 # Allow or prohibit Windows guest account logins
 #
 # SINCE 1.3.0
 realm.windows.allowGuests = false
+
+# Allow user accounts belonging to the BUILTIN\Administrators group to be
+# Gitblit administrators.
+#
+# SINCE 1.4.0
+realm.windows.permitBuiltInAdministrators = true
 
 # The default domain for authentication.
 #
@@ -1219,29 +1590,11 @@
 # SINCE 1.3.0
 realm.windows.defaultDomain =
 
-# The PAMUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.1
-realm.pam.backingUserService = ${baseFolder}/users.conf
-
 # The PAM service name for authentication.
 # default: system-auth
 #
 # SINCE 1.3.1
 realm.pam.serviceName = system-auth
-
-# The HtpasswdUserService must be backed by another user service for standard user
-# and team management and attributes. This can be one of the local Gitblit user services.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.2
-realm.htpasswd.backingUserService = ${baseFolder}/users.conf
 
 # The Apache htpasswd file that contains the users and passwords.
 # default: ${baseFolder}/htpasswd
@@ -1250,30 +1603,6 @@
 # BASEFOLDER
 # SINCE 1.3.2
 realm.htpasswd.userfile = ${baseFolder}/htpasswd
-
-#  Determines how accounts are looked up upon login.
-#
-# If set to false, then authentication for local accounts is done against
-# the backing user service.
-# If set to true, then authentication will first be checked against the
-# htpasswd store, even if the account appears as a local account in the
-# backing user service. If the user is found in the htpasswd store, then
-# an already existing local account will be turned into an external account.
-# In this case an initial local password is never used and gets overwritten
-# by the externally stored password upon login.
-# default: false
-#
-# SINCE 1.3.2
-realm.htpasswd.overrideLocalAuthentication = false
-
-# The SalesforceUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
-#
-# RESTART REQUIRED
-# BASEFOLDER
-# SINCE 1.3.0
-realm.salesforce.backingUserService = ${baseFolder}/users.conf
 
 # Restrict the Salesforce user to members of this org.
 # default: 0 (i.e. do not check the Org ID)
@@ -1301,14 +1630,14 @@
 # SINCE 1.0.0
 realm.ldap.password = password
 
-# The LdapUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
+# Bind pattern for Authentication.
+# Allow to directly authenticate an user without LDAP Searches.
+# 
+# e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
 #
-# SINCE 1.0.0
-# RESTART REQUIRED
-# BASEFOLDER
-realm.ldap.backingUserService = ${baseFolder}/users.conf
+# SINCE 1.5.0
+realm.ldap.bindpattern = 
+
 
 # Delegate team membership control to LDAP.
 #
@@ -1366,10 +1695,20 @@
 # SINCE 1.0.0
 realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn}))
 
+# Filter criteria for empty LDAP groups
+#
+# Query pattern to use when searching for an empty team. This may be any valid 
+# LDAP query expression, including the standard (&) and (|) operators.
+#
+# default: (&(objectClass=group)(!(member=*)))
+# SINCE 1.4.0
+realm.ldap.groupEmptyMemberPattern = (&(objectClass=group)(!(member=*)))
+
 # LDAP users or groups that should be given administrator privileges.
 #
 # Teams are specified with a leading '@' character.  Groups with spaces in the
-# name can be entered as "@team name".
+# name can be entered as "@team name".  This setting only applies when using
+# LDAP to maintain team memberships.
 #
 # e.g. realm.ldap.admins = john @git_admins "@git admins"
 #
@@ -1399,43 +1738,44 @@
 # SINCE 1.0.0
 realm.ldap.email = email
 
-# Defines the cache period to be used when caching LDAP queries. This is currently
-# only used for LDAP user synchronization.
-#
-# Must be of the form '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS' 
-# default: 2 MINUTES
-#
-# RESTART REQUIRED
-realm.ldap.ldapCachePeriod = 2 MINUTES
-
-# Defines whether to synchronize all LDAP users into the backing user service
-#
-# Valid values: true, false
-# If left blank, false is assumed
-realm.ldap.synchronizeUsers.enable = false
-
-# Defines whether to delete non-existent LDAP users from the backing user service
-# during synchronization. depends on  realm.ldap.synchronizeUsers.enable = true
-#
-# Valid values: true, false
-# If left blank, true is assumed
-realm.ldap.synchronizeUsers.removeDeleted = true
-
 # Attribute on the USER record that indicate their username to be used in gitblit
 # when synchronizing users from LDAP
 # if blank, Gitblit will use uid
 # For MS Active Directory this may be sAMAccountName
+#
+# SINCE 1.0.0
 realm.ldap.uid = uid
 
-# The RedmineUserService must be backed by another user service for standard user
-# and team management.
-# default: users.conf
+# Defines whether to synchronize all LDAP users and teams into the user service
+#
+# Valid values: true, false
+# If left blank, false is assumed
+#
+# SINCE 1.4.0
+realm.ldap.synchronize = false
+
+# Defines the period to be used when synchronizing users and teams from ldap.
+#
+# Must be of the form '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS' 
+
+# default: 5 MINUTES
 #
 # RESTART REQUIRED
-# BASEFOLDER
-realm.redmine.backingUserService = ${baseFolder}/users.conf
+# SINCE 1.4.0
+realm.ldap.syncPeriod = 5 MINUTES
+
+# Defines whether to delete non-existent LDAP users from the user service
+# during synchronization. depends on  realm.ldap.synchronize = true
+#
+# Valid values: true, false
+# If left blank, true is assumed
+#
+# SINCE 1.4.0
+realm.ldap.removeDeletedUsers = true
 
 # URL of the Redmine.
+#
+# SINCE 1.2.0
 realm.redmine.url = http://example.com/redmine
 
 #
@@ -1448,12 +1788,6 @@
 # RESTART REQUIRED
 # BASEFOLDER
 server.tempFolder = ${baseFolder}/temp
-
-# Use Jetty NIO connectors.  If false, Jetty Socket connectors will be used.
-#
-# SINCE 0.5.0
-# RESTART REQUIRED
-server.useNio = true
 
 # Specify the maximum number of concurrent http/https worker threads to allow. 
 #
@@ -1484,13 +1818,15 @@
 # RESTART REQUIRED
 server.httpsPort = 8443
 
-# Port for serving an Apache JServ Protocol (AJP) 1.3 connector for integrating
-# Gitblit GO into an Apache HTTP server setup.  <= 0 disables this connector.
-# Recommended value: 8009
+# Automatically redirect http requests to the secure https connector.
 #
-# SINCE 0.9.0
+# This setting requires that you have configured server.httpPort and server.httpsPort.
+# Unless you are on a private LAN where you trust all client connections, it is
+# recommended to use https for all communications.
+#
+# SINCE 1.4.0
 # RESTART REQUIRED
-server.ajpPort = 0
+server.redirectToHttpsPort = false
 
 # Specify the interface for Jetty to bind the standard connector.
 # You may specify an ip or an empty value to bind to all interfaces.
@@ -1499,7 +1835,7 @@
 #
 # SINCE 0.5.0
 # RESTART REQUIRED
-server.httpBindInterface = localhost
+server.httpBindInterface =
 
 # Specify the interface for Jetty to bind the secure connector.
 # You may specify an ip or an empty value to bind to all interfaces.
@@ -1508,16 +1844,7 @@
 #
 # SINCE 0.5.0
 # RESTART REQUIRED
-server.httpsBindInterface = localhost
-
-# Specify the interface for Jetty to bind the AJP connector.
-# You may specify an ip or an empty value to bind to all interfaces.
-# Specifying localhost will result in Gitblit ONLY listening to requests to
-# localhost.
-#
-# SINCE 0.9.0
-# RESTART REQUIRED
-server.ajpBindInterface = localhost
+server.httpsBindInterface =
 
 # Alias of certificate to use for https/SSL serving.  If blank the first
 # certificate found in the keystore will be used. 

--
Gitblit v1.9.1