summaryrefslogtreecommitdiffstats
path: root/src/main
diff options
context:
space:
mode:
authorj3rem1e <jeremie.brebec@gmail.com>2014-03-27 09:16:53 -0400
committerJames Moger <james.moger@gitblit.com>2014-03-27 09:16:53 -0400
commite4b0ae020290abfff26ef8b8f35485d277e4da62 (patch)
tree15b07d0ef544e0c0f31c2c5634529d9d1fd4998c /src/main
parent21be4b4b2370b7eddf839fe64dd4207f72a05a2a (diff)
downloadgitblit-e4b0ae020290abfff26ef8b8f35485d277e4da62.tar.gz
gitblit-e4b0ae020290abfff26ef8b8f35485d277e4da62.zip
LDAP: Authenticated Searches without a manager password
Allow to use the LDAP AuthProvider with a LDAP Server prohibiting anonymous searches but without providing a manager password : searches are made on behalf of the authenticated user.
Diffstat (limited to 'src/main')
-rw-r--r--src/main/distrib/data/gitblit.properties9
-rw-r--r--src/main/java/com/gitblit/auth/LdapAuthProvider.java16
2 files changed, 24 insertions, 1 deletions
diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index 70a6c6e6..b819b381 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -1516,6 +1516,15 @@ realm.ldap.username = cn=Directory Manager
# SINCE 1.0.0
realm.ldap.password = password
+# Bind pattern for Authentication.
+# Allow to directly authenticate an user without LDAP Searches.
+#
+# e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
+#
+# SINCE 1.5.0
+realm.ldap.bindpattern =
+
+
# Delegate team membership control to LDAP.
#
# If true, team user memberships will be specified by LDAP groups. This will
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 3a688d83..892f30ba 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -294,6 +294,20 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
LDAPConnection ldapConnection = getLdapConnection();
if (ldapConnection != null) {
try {
+ boolean alreadyAuthenticated = false;
+
+ String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
+ if (!StringUtils.isEmpty(bindPattern)) {
+ try {
+ String bindUser = StringUtils.replace(bindPattern, "${username}", simpleUsername);
+ ldapConnection.bind(bindUser, new String(password));
+
+ alreadyAuthenticated = true;
+ } catch (LDAPException e) {
+ return null;
+ }
+ }
+
// Find the logging in user's DN
String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
@@ -304,7 +318,7 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
String loggingInUserDN = loggingInUser.getDN();
- if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
+ if (alreadyAuthenticated || isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
logger.debug("LDAP authenticated: " + username);
UserModel user = null;