synchronization is enabled.
# SINCE 1.0.0\r
realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn}))\r
\r
+# Filter criteria for empty LDAP groups\r
+#\r
+# Query pattern to use when searching for an empty team. This may be any valid \r
+# LDAP query expression, including the standard (&) and (|) operators.\r
+#\r
+# SINCE 1.4.0\r
+realm.ldap.groupEmptyMemberPattern = (&(objectClass=group)(!(member=*)))\r
+\r
# LDAP users or groups that should be given administrator privileges.\r
#\r
# Teams are specified with a leading '@' character. Groups with spaces in the\r
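Review bot: The comment on `realm.ldap.groupEmptyMemberPattern` says any valid LDAP query expression may be used, but the Java code added in this commit also skips every matched entry that has a `member` attribute and takes the team name from `cn`, so the filter is not the only criterion. I would add a line such as `# Matched entries that carry a 'member' attribute are ignored; the team name is taken from 'cn'.` It would also help to say when the filter is evaluated; from the sync code it appears to run only during LDAP synchronization and only when `supportsTeamMembershipChanges()` is false. Since every entry the filter matches under `realm.ldap.groupBase` becomes a Gitblit team, the comment should advise keeping the filter and the base as narrow as the deployment allows.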
# default: 5 MINUTES\r
#\r
# RESTART REQUIRED\r
+# SINCE 1.4.0\r
realm.ldap.synchronizeUsers.ldapSyncPeriod = 5 MINUTES\r
\r
# Defines whether to delete non-existent LDAP users from the backing user service\r
userManager.updateTeamModels(userTeams.values());
}
}
+ if (!supportsTeamMembershipChanges()) {
+ getEmptyTeamsFromLdap(ldapConnection);
+ }
lastLdapUserSync.set(System.currentTimeMillis());
} finally {
ldapConnection.close();
}
}
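Review bot: The new guard `if (!supportsTeamMembershipChanges())` has no comment explaining why memberless groups are imported only in that case, and the method it tests is defined outside this hunk. A short comment above it would do, for example `// Groups without members are never reached through a user entry, so fetch them separately when LDAP owns team membership.` That wording assumes a false return means LDAP maintains the teams, which should be confirmed. The call also sits before `lastLdapUserSync.set(...)`, so an exception thrown by the helper leaves the timestamp unchanged; the connection is still closed by the `finally`. The enclosing method starts above the hunk.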
+ private void getEmptyTeamsFromLdap(LDAPConnection ldapConnection) {
+ String groupBase = settings.getString(Keys.realm.ldap.groupBase, "");
+ String groupMemberPattern = settings.getString(Keys.realm.ldap.groupEmptyMemberPattern, "(&(objectClass=group)(!(member=*)))");
+
+ SearchResult teamMembershipResult = doSearch(ldapConnection, groupBase, true, groupMemberPattern, null);
+ if (teamMembershipResult != null && teamMembershipResult.getEntryCount() > 0) {
+ for (int i = 0; i < teamMembershipResult.getEntryCount(); i++) {
+ SearchResultEntry teamEntry = teamMembershipResult.getSearchEntries().get(i);
+ if (!teamEntry.hasAttribute("member")) {
+ String teamName = teamEntry.getAttribute("cn").getValue();
+
+ TeamModel teamModel = userManager.getTeamModel(teamName);
+ if (teamModel == null) {
+ teamModel = createTeamFromLdap(teamEntry);
+ userManager.updateTeamModel(teamModel);
+ }
+ }
+ }
+ }
+ }
+
private TeamModel createTeamFromLdap(SearchResultEntry teamEntry) {
TeamModel answer = new TeamModel(teamEntry.getAttributeValue("cn"));
answer.accountType = getAccountType();
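Review bot: `teamEntry.getAttribute("cn").getValue()` dereferences the attribute without a null check, so a matched entry with no `cn` (possible because the filter is configurable) throws a NullPointerException in the middle of the sync. `createTeamFromLdap` just below already reads the name with `getAttributeValue("cn")`; using the same call here, `String teamName = teamEntry.getAttributeValue("cn");` followed by `if (teamName == null) { continue; }`, keeps the two consistent and skips malformed entries. The local `groupMemberPattern` holds the empty-member filter and would read better as `groupEmptyMemberPattern`, and a method that returns `void` and writes teams would be clearer as `importEmptyTeamsFromLdap` than `get...`. The body of `createTeamFromLdap` continues outside the hunk.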
import com.gitblit.manager.IUserManager;
import com.gitblit.manager.RuntimeManager;
import com.gitblit.manager.UserManager;
+import com.gitblit.models.TeamModel;
import com.gitblit.models.UserModel;
import com.gitblit.tests.mock.MemorySettings;
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
assertEquals("Number of ldap users in gitblit user model", 6, countLdapUsersInUserManager());
}
+ @Test
+ public void addingGroupsInLdapShouldNotUpdateGitBlitUsersAndGroups() throws Exception {
+ settings.put("realm.ldap.ldapCachePeriod", "0 MINUTES");
+ ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "addgroup.ldif"));
+ ldap.synchronizeWithLdapService();
+ assertEquals("Number of ldap groups in gitblit team model", 0, countLdapTeamsInUserManager());
+ }
+
+ @Test
+ public void addingGroupsInLdapShouldUpdateGitBlitUsersAndGroups() throws Exception {
+ settings.put("realm.ldap.synchronizeUsers.enable", "true");
+ settings.put("realm.ldap.ldapCachePeriod", "0 MINUTES");
+ ds.addEntries(LDIFReader.readEntries(RESOURCE_DIR + "addgroup.ldif"));
+ ldap.synchronizeWithLdapService();
+ assertEquals("Number of ldap groups in gitblit team model", 1, countLdapTeamsInUserManager());
+ }
+
private int countLdapUsersInUserManager() {
int ldapAccountCount = 0;
for (UserModel userModel : userManager.getAllUsers()) {
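Review bot: Both new tests pin only a team count, and neither sets the option behind `supportsTeamMembershipChanges()`, so they pass or fail depending on fixture defaults that are not visible in this hunk. In `addingGroupsInLdapShouldNotUpdateGitBlitUsersAndGroups` I would set the switch explicitly, `settings.put("realm.ldap.synchronizeUsers.enable", "false");`, and in the positive test also check the imported team by name, e.g. `assertNotNull(userManager.getTeamModel("Git_Group_Without_Members"));` (assuming `assertNotNull` is imported alongside `assertEquals`). A case where the group already exists as a team would cover the `teamModel == null` branch of the new helper.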
return ldapAccountCount;
}
+ private int countLdapTeamsInUserManager() {
+ int ldapAccountCount = 0;
+ for (TeamModel teamModel : userManager.getAllTeams()) {
+ if (AccountType.LDAP.equals(teamModel.accountType)) {
+ ldapAccountCount++;
+ }
+ }
+ return ldapAccountCount;
+ }
+
}
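Review bot: In `countLdapTeamsInUserManager` the counter is still called `ldapAccountCount`, carried over from the user-counting helper it was copied from. Renaming it, `int ldapTeamCount = 0;` with the matching `ldapTeamCount++;` and `return ldapTeamCount;`, makes it clear that teams are being counted, not accounts.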
--- /dev/null
+dn: CN=Git_Group_Without_Members,OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain
+objectClass: top
+objectClass: group
+cn: Git_Group_Without_Members
+sAMAccountName: Git_Group_Without_Members