From 6f0d843f855e179c66be107d1ab14f81254d6017 Mon Sep 17 00:00:00 2001 From: John Crygier Date: Tue, 10 Apr 2012 15:54:57 -0500 Subject: [PATCH] Allow for different port for LDAP in-memory server. Update some documentation. --- distrib/gitblit.properties | 31 +++++++++++++++--------------- docs/01_setup.mkd | 2 +- src/com/gitblit/GitBlitServer.java | 11 +++++++++-- 3 files changed, 26 insertions(+), 18 deletions(-) diff --git a/distrib/gitblit.properties b/distrib/gitblit.properties index 147f2a1e..527b7268 100644 --- a/distrib/gitblit.properties +++ b/distrib/gitblit.properties @@ -139,7 +139,7 @@ realm.minPasswordLength = 5 # URL of the LDAP server. # # SINCE 1.0.0 -realm.ldap.server = ldap://my.ldap.server +realm.ldap.server = ldap://localhost # Login username for LDAP searches. # The domain prefix may be omitted if it matches the domain specified in @@ -149,12 +149,12 @@ realm.ldap.server = ldap://my.ldap.server # e.g. mydomain\\username # # SINCE 1.0.0 -realm.ldap.username = +realm.ldap.username = cn=Directory Manager # Login password for LDAP searches. # # SINCE 1.0.0 -realm.ldap.password = +realm.ldap.password = password # The LdapUserService must be backed by another user service for standard user # and team management. 
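Review bot: The shipped defaults in distrib/gitblit.properties now carry an administrative bind DN and a literal password (`realm.ldap.username = cn=Directory Manager`, `realm.ldap.password = password`), where both were blank before this commit; every installation inherits these until an operator overrides them. The setup document in this same patch says the in-memory LDAP server uses exactly these values as its root login and only speaks cleartext ldap, so a forgotten override in a real deployment means Gitblit binds with a well-known admin credential over an unencrypted connection. I would keep both values blank in the distributed file and move the example into the comment, e.g. `# e.g. cn=Directory Manager (the in-memory LDAP server uses this and realm.ldap.password as its root login)`, and the same applies to the first hunk, where `realm.ldap.server = ldap://localhost` is only right for the in-memory case.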
@@ -177,38 +177,39 @@ realm.ldap.maintainTeams = false # Root node that all Users sit under in LDAP # -# This is the node that searches for user information will begin from in LDAP +# This is the root node that searches for user information will begin from in LDAP # If blank, it will search ALL of ldap. # # SINCE 1.0.0 -realm.ldap.accountBase = ou=people,dc=example,dc=com +realm.ldap.accountBase = OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain # Filter Criteria for Users in LDAP # # Query pattern to use when searching for a user account. This may be any valid -# LDAP query expression, including the standard (&) and (|) operators. -# The variable ${username} is replaced by the string entered by the end user +# LDAP query expression, including the standard (&) and (|) operators. Variables may +# be injected via the ${variableName} syntax. Recognized variables are: +# ${username} - The text entered as the user name # # SINCE 1.0.0 realm.ldap.accountPattern = (&(objectClass=person)(sAMAccountName=${username})) # Root node that all Teams sit under in LDAP # -# This is the node that searches for user information will begin from in LDAP +# This is the node that searches for team information will begin from in LDAP # If blank, it will search ALL of ldap. # # SINCE 1.0.0 -realm.ldap.groupBase = ou=groups,dc=example,dc=com +realm.ldap.groupBase = OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain # Filter Criteria for Teams in LDAP # # Query pattern to use when searching for a team. This may be any valid -# LDAP query expression, including the standard (&) and (|) operators. -# The variable ${username} is replaced by the string entered by the end user. -# Other variables appearing in the pattern, such as ${fooBarAttribute}, -# are replaced with the value of the corresponding attribute (in this case, fooBarAttribute) -# as read from the user's account object matched under realm.ldap.accountBase. Attributes such -# as ${dn} or ${uidNumber} may be useful. 
+# LDAP query expression, including the standard (&) and (|) operators. Variables may +# be injected via the ${variableName} syntax. Recognized variables are: +# ${username} - The text entered as the user name +# ${dn} - The Distinguished Name of the user logged in +# All attributes on the User's record are also passed in. For example, if a user has an +# attribute "fullName" set to "John", "(fn=${fullName})" will be translated to "(fn=John)". # # SINCE 1.0.0 realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn})) diff --git a/docs/01_setup.mkd b/docs/01_setup.mkd index a7b4cdaa..c2e2ef11 100644 --- a/docs/01_setup.mkd +++ b/docs/01_setup.mkd @@ -504,6 +504,6 @@ The following is are descriptions of the properties that would follow the sample You may notice that there are no properties to find the password on the User record. This is intentional, and the service utilizes the LDAP login process to verify that the user credentials are correct. -You can also start Gitblit GO with an in-memory (backed by an LDIF file) LDAP server by using the --ldapLdifFile property. It will always start at ldap://localhost:389, so be sure to set that in gitblit.settings. It reads the user / password in gitblit.settings to create the root user login. +You can also start Gitblit GO with an in-memory (backed by an LDIF file) LDAP server by using the --ldapLdifFile property. It will listen where ever gitblit.settings is pointed to. However, it only supports ldap...not ldaps, so be sure to set that in gitblit.settings. It reads the user / password in gitblit.settings to create the root user login. Finally, writing back to LDAP is not implemented at this time, so do not worry about corrupting your corporate LDAP. Many orgnizations are likely to go through a different flow to update their LDAP, so it's unlikely that this will become a feature. \ No newline at end of file 
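Review bot: The new comment on realm.ldap.groupMemberPattern documents that `${username}` and every attribute of the matched user record are substituted into the filter, but not whether the substituted values are escaped as LDAP filter values (RFC 4515); the substitution code is not in this hunk, so I cannot tell from here. Since `${username}` is text typed by the end user and attribute values such as a display name may legally contain `*`, `(`, `)` or `\`, an unescaped substitution changes the meaning of the filter instead of failing cleanly. The comment should state what the implementation guarantees, e.g. `# Substituted values are escaped as LDAP filter values (RFC 4515) before the search runs.` if that holds, or the same sentence phrased as a TODO if it does not. The realm.ldap.accountPattern comment earlier in this hunk has the same gap.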
diff --git a/src/com/gitblit/GitBlitServer.java b/src/com/gitblit/GitBlitServer.java
index e8ee89ce..f4be8e9f 100644
--- a/src/com/gitblit/GitBlitServer.java
+++ b/src/com/gitblit/GitBlitServer.java
@@ -23,6 +23,7 @@ import java.io.OutputStream;
 import java.net.InetAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
+import java.net.URI;
 import java.net.URL;
 import java.net.UnknownHostException;
 import java.security.ProtectionDomain;
@@ -277,21 +278,27 @@ public class GitBlitServer {
 if (StringUtils.isEmpty(params.ldapLdifFile) == false) {
 File ldifFile = new File(params.ldapLdifFile);
 if (ldifFile != null && ldifFile.exists()) {
+ URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap_server));
 String firstLine = new Scanner(ldifFile).nextLine();
 String rootDN = firstLine.substring(4);
 String bindUserName = settings.getString(Keys.realm.ldap_username, "");
 String bindPassword = settings.getString(Keys.realm.ldap_password, "");
 
+ // Get the port
+ int port = ldapUrl.getPort();
+ if (port == -1)
+ port = 389;
+
 InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig(rootDN);
 config.addAdditionalBindCredentials(bindUserName, bindPassword);
- config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", 389));
+ config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", port));
 config.setSchema(null);
 
 InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
 ds.importFromLDIF(true, new LDIFReader(ldifFile));
 ds.startListening();
 
- logger.info("LDAP Server started at ldap://localhost:389");
+ logger.info("LDAP Server started at ldap://localhost:" + port);
 }
 }
 } catch (Exception e) {
-- 
2.39.5
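Review bot: Only the port of `realm.ldap.server` is honoured; the scheme and host of `ldapUrl` are ignored, while the listener built by `createLDAPConfig("default", port)` is cleartext LDAP and the log line still hard-codes `localhost`. If the setting is `ldaps://...` (which the setup document in this patch says the in-memory server does not support) the code starts a cleartext listener on the ldaps port and the client's TLS handshake then fails with a confusing error, and a host other than localhost makes the LDAP user service connect somewhere the in-memory server is not. I would reject a non-ldap scheme before building the config, `if (!"ldap".equalsIgnoreCase(ldapUrl.getScheme())) throw new IllegalArgumentException("in-memory LDAP server supports ldap:// only: " + ldapUrl);`, log `ldapUrl.getHost()` instead of the literal, and, if the SDK's `createLDAPConfig` overload taking an `InetAddress` is available, bind this test listener to the loopback address only, since it accepts the bind credentials from gitblit.properties over cleartext. `new Scanner(ldifFile)` on the context line is never closed, which predates this change. The enclosing method and its try/catch begin and end outside the hunk.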