-rw-r--r-- | releases.moxie | 6 | ||||
-rw-r--r-- | src/main/distrib/data/gitblit.properties | 9 | ||||
-rw-r--r-- | src/main/java/com/gitblit/auth/LdapAuthProvider.java | 16 |
3 files changed, 29 insertions, 2 deletions
diff --git a/releases.moxie b/releases.moxie
index 52424513..c9687e26 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -11,12 +11,16 @@ r22: {
 security: ~
 fixes:
 - Ensure the Lucene ticket index is updated on repository deletion.
- changes: ~
+ changes:
+ - Option to allow LDAP users to directly authenticate without performing LDAP searches
 additions:
 - Added a French translation
 dependencyChanges: ~
 contributors:
 - Johann Ollivier-Lapeyre
+ - Jeremie Brebec
+ settings:
+ - { name: 'realm.ldap.bindpattern', defaultValue: ' ' }
 }
 #
diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index 70a6c6e6..b819b381 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -1516,6 +1516,15 @@ realm.ldap.username = cn=Directory Manager
 # SINCE 1.0.0
realm.ldap.password = password
+# Bind pattern for Authentication.
+# Allow to directly authenticate an user without LDAP Searches.
+#
+# e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
+#
+# SINCE 1.5.0
+realm.ldap.bindpattern =
+
+
# Delegate team membership control to LDAP.
#
# If true, team user memberships will be specified by LDAP groups. This will
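Review bot: The comment added for `realm.ldap.bindpattern` overstates what the option does: `Allow to directly authenticate an user without LDAP Searches.` — in the accompanying `LdapAuthProvider` change the account search under `realm.ldap.accountBase`/`realm.ldap.accountPattern` still runs after the pattern bind; the pattern only adds an up-front bind and skips the later bind with the searched DN. Suggest `# Bind directly as the DN built from this pattern instead of verifying the password against the searched account DN; the account search still runs afterwards to load the user entry, so if it runs on the same now-user-bound connection the user must be allowed to search the account base.` and `a user` for `an user`. It would also help to state that `${username}` is substituted verbatim into the DN and that leaving the value empty (the default) keeps the search-based authentication.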
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 3a688d83..892f30ba 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -294,6 +294,20 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
 LDAPConnection ldapConnection = getLdapConnection();
 if (ldapConnection != null) {
 try {
+ boolean alreadyAuthenticated = false;
+
+ String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
+ if (!StringUtils.isEmpty(bindPattern)) {
+ try {
+ String bindUser = StringUtils.replace(bindPattern, "${username}", simpleUsername);
+ ldapConnection.bind(bindUser, new String(password));
+
+ alreadyAuthenticated = true;
+ } catch (LDAPException e) {
+ return null;
+ }
+ }
+
 // Find the logging in user's DN
 String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
 String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
@@ -304,7 +318,7 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
 SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
 String loggingInUserDN = loggingInUser.getDN();
- if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
+ if (alreadyAuthenticated || isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
 logger.debug("LDAP authenticated: " + username);
 UserModel user = null;
|
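Review bot: `simpleUsername` is spliced into the bind DN verbatim in `StringUtils.replace(bindPattern, "${username}", simpleUsername)`, so a login name containing DN metacharacters such as `,`, `+`, `=` or `\` (e.g. `alice,OU=Admins`) selects a different entry to bind as instead of failing; escape the value per RFC 4514 (or build the RDN with the SDK's DN/RDN types) before substitution and treat a name that does not survive as a single RDN value as a failed login. The success path also never ties the verified credential to the entry that is used: when `alreadyAuthenticated` is set, `loggingInUserDN` comes from the search and is trusted without ever being bound with the password, so after a pattern bind it should be compared to `bindUser` (DN-normalized) and the login rejected on mismatch. If the connection options permit a DN-with-empty-password bind, an empty `password` turns `ldapConnection.bind(bindUser, new String(password))` into an anonymous bind that still sets `alreadyAuthenticated`; unless a caller already rejects empty passwords, guard with `if (password == null || password.length == 0) { return null; }` before the bind. If `getLdapConnection()` returns a connection bound as `realm.ldap.username`, the account search that follows (its call sits between the two hunks) now runs with the user's own privileges rather than the service account's, so directories that restrict user searches will fail after a successful bind — either read the entry by DN when `alreadyAuthenticated` or run the search before the bind. The enclosing `try` and the method it belongs to continue outside the hunk.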