Merge jcrygier's LDAP injection defense and displayname/email retrieval

Add LDAP logic to retrieve display name & email address
Add code / test to defend against LDAP injection attacks.

1 files changed, 22 insertions, 0 deletions

diff --git a/distrib/gitblit.properties b/distrib/gitblit.properties
index 9ccd35d6..da662126 100644
--- a/distrib/gitblit.properties
+++ b/distrib/gitblit.properties
@@ -233,6 +233,28 @@ realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn}))
 # SINCE 1.0.0

 realm.ldap.admins= @Git_Admins

 

+# Attribute(s) on the USER record that indicate their display (or full) name. Leave blank

+# for no mapping available in LDAP

+#

+# This may be a single attribute, or a string of multiple attributes.  Examples:

+#  displayName - Uses the attribute 'displayName' on the user record

+#  ${personalTitle}. ${givenName} ${surname} - Will concatenate the 3 

+#       attributes together, with a '.' after personalTitle 

+#

+# SINCE 1.0.0

+realm.ldap.displayName= displayName

+

+# Attribute(s) on the USER record that indicate their email address.  Leave blank

+# for no mapping available in LDAP

+#

+# This may be a single attribute, or a string of multiple attributes.  Examples:

+#  email - Uses the attribute 'email' on the user record

+#  ${givenName}.${surname}@gitblit.com -Will concatenate the 2 attributes

+#       together with a '.' and '@' creating something like first.last@gitblit.com 

+#

+# SINCE 1.0.0

+realm.ldap.email = email

+

 #

 # Gitblit Web Settings

 #