authorJames Moger <james.moger@gitblit.com>2014-04-08 00:21:40 -0400
committerJames Moger <james.moger@gitblit.com>2014-04-08 00:21:40 -0400
commitef4c45a4b129e77f1755d82b1a72372277bd95c8 (patch)
tree7534e7103751b9f011388eabb531bf2cc9d00e9d
parent90c354f5760edde96d44556f3bc8e9e630777029 (diff)
downloadgitblit-ef4c45a4b129e77f1755d82b1a72372277bd95c8.tar.gz
gitblit-ef4c45a4b129e77f1755d82b1a72372277bd95c8.zip
Warn on LDAP synchronization if the uid attribute is null/undefined
-rw-r--r--releases.moxie1
-rw-r--r--src/main/java/com/gitblit/auth/LdapAuthProvider.java12
2 files changed, 9 insertions, 4 deletions
diff --git a/releases.moxie b/releases.moxie
index 34e64887..e9a92c22 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -16,6 +16,7 @@ r22: {
- Ensure the Lucene ticket index is updated on repository deletion.
changes:
- Specify the --dailyLogFile option for the Ubuntu and CentOS service scripts (issue-348)
+ - Improve logging for missing LDAP uid attribute when synchronizing (issue-394)
- The ticket close-on-push commit message regular expression is now configurable by a setting (issue-404)
- Redirect to summary page on edit repository (issue-405)
- Option to allow LDAP users to directly authenticate without performing LDAP searches (pr-162)
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 83f24669..a4d7bb05 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -119,8 +119,12 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
final Map<String, UserModel> ldapUsers = new HashMap<String, UserModel>();
for (SearchResultEntry loggingInUser : result.getSearchEntries()) {
-
- final String username = loggingInUser.getAttribute(uidAttribute).getValue();
+ Attribute uid = loggingInUser.getAttribute(uidAttribute);
+ if (uid == null) {
+ logger.error("Can not synchronize with LDAP, missing \"{}\" attribute", uidAttribute);
+ continue;
+ }
+ final String username = uid.getValue();
logger.debug("LDAP synchronizing: " + username);
UserModel user = userManager.getUserModel(username);
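Review bot: The guard added before `uid.getValue()` covers a missing attribute but not one that is present without a value; `getValue()` appears to return null in that case, so a null `username` could still reach `userManager.getUserModel(username)`. Consider `if (uid == null || StringUtils.isEmpty(uid.getValue())) {`. The error message also does not say which entry was skipped; adding the DN, as in `logger.error("Can not synchronize with LDAP, missing \"{}\" attribute on {}", uidAttribute, loggingInUser.getDN());`, lets an operator find the account. That matters because a skipped entry presumably keeps whatever local account state it already had. The loop body continues outside the hunk.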
@@ -295,13 +299,13 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
if (ldapConnection != null) {
try {
boolean alreadyAuthenticated = false;
-
+
String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
if (!StringUtils.isEmpty(bindPattern)) {
try {
String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
ldapConnection.bind(bindUser, new String(password));
-
+
alreadyAuthenticated = true;
} catch (LDAPException e) {
return null;