From ef4c45a4b129e77f1755d82b1a72372277bd95c8 Mon Sep 17 00:00:00 2001 From: James Moger Date: Tue, 8 Apr 2014 00:21:40 -0400 Subject: [PATCH] Warn on LDAP synchronization if the uid attribute is null/undefined --- releases.moxie | 1 + src/main/java/com/gitblit/auth/LdapAuthProvider.java | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/releases.moxie b/releases.moxie index 34e64887..e9a92c22 100644 --- a/releases.moxie +++ b/releases.moxie @@ -16,6 +16,7 @@ r22: { - Ensure the Lucene ticket index is updated on repository deletion. changes: - Specify the --dailyLogFile option for the Ubuntu and CentOS service scripts (issue-348) + - Improve logging for missing LDAP uid attribute when synchronizing (issue-394) - The ticket close-on-push commit message regular expression is now configurable by a setting (issue-404) - Redirect to summary page on edit repository (issue-405) - Option to allow LDAP users to directly authenticate without performing LDAP searches (pr-162) diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java index 83f24669..a4d7bb05 100644 --- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java +++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java @@ -119,8 +119,12 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider { final Map ldapUsers = new HashMap(); for (SearchResultEntry loggingInUser : result.getSearchEntries()) { - - final String username = loggingInUser.getAttribute(uidAttribute).getValue(); + Attribute uid = loggingInUser.getAttribute(uidAttribute); + if (uid == null) { + logger.error("Can not synchronize with LDAP, missing \"{}\" attribute", uidAttribute); + continue; + } + final String username = uid.getValue(); logger.debug("LDAP synchronizing: " + username); UserModel user = userManager.getUserModel(username); @@ -295,13 +299,13 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider { if (ldapConnection != null) { try { boolean alreadyAuthenticated = false; - + String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, ""); if (!StringUtils.isEmpty(bindPattern)) { try { String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLDAPSearchFilter(simpleUsername)); ldapConnection.bind(bindUser, new String(password)); - + alreadyAuthenticated = true; } catch (LDAPException e) { return null; -- 2.39.5