2 files changed, 33 insertions, 0 deletions

diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index bd0efd9e..3297d254 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -1460,6 +1460,14 @@ realm.ldap.groupBase = OU=Groups,OU=UserControl,OU=MyOrganization,DC=MyDomain
 # SINCE 1.0.0

 realm.ldap.groupMemberPattern = (&(objectClass=group)(member=${dn}))

 

+# Filter criteria for empty LDAP groups

+#

+# Query pattern to use when searching for an empty team. This may be any valid 

+# LDAP query expression, including the standard (&) and (|) operators.

+#

+# SINCE 1.4.0

+realm.ldap.groupEmptyMemberPattern = (&(objectClass=group)(!(member=*)))

+

 # LDAP users or groups that should be given administrator privileges.

 #

 # Teams are specified with a leading '@' character.  Groups with spaces in the

@@ -1516,6 +1524,7 @@ realm.ldap.synchronizeUsers.enable = false
 # default: 5 MINUTES

 #

 # RESTART REQUIRED

+# SINCE 1.4.0

 realm.ldap.synchronizeUsers.ldapSyncPeriod = 5 MINUTES

 

 # Defines whether to delete non-existent LDAP users from the backing user service

diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 1ec273a9..b2084595 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -152,6 +152,9 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
                                 userManager.updateTeamModels(userTeams.values());
                             }
                         }
+                        if (!supportsTeamMembershipChanges()) {
+                        	getEmptyTeamsFromLdap(ldapConnection);
+                        }
                         lastLdapUserSync.set(System.currentTimeMillis());
                     } finally {
                         ldapConnection.close();
@@ -435,6 +438,27 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
 		}
 	}
 
+	private void getEmptyTeamsFromLdap(LDAPConnection ldapConnection) {
+		String groupBase = settings.getString(Keys.realm.ldap.groupBase, "");
+		String groupMemberPattern = settings.getString(Keys.realm.ldap.groupEmptyMemberPattern, "(&(objectClass=group)(!(member=*)))");
+
+		SearchResult teamMembershipResult = doSearch(ldapConnection, groupBase, true, groupMemberPattern, null);
+		if (teamMembershipResult != null && teamMembershipResult.getEntryCount() > 0) {
+			for (int i = 0; i < teamMembershipResult.getEntryCount(); i++) {
+				SearchResultEntry teamEntry = teamMembershipResult.getSearchEntries().get(i);
+				if (!teamEntry.hasAttribute("member")) {
+					String teamName = teamEntry.getAttribute("cn").getValue();
+	
+					TeamModel teamModel = userManager.getTeamModel(teamName);
+					if (teamModel == null) {
+						teamModel = createTeamFromLdap(teamEntry);
+						userManager.updateTeamModel(teamModel);
+					}
+				}
+			}
+		}
+	}
+
 	private TeamModel createTeamFromLdap(SearchResultEntry teamEntry) {
 		TeamModel answer = new TeamModel(teamEntry.getAttributeValue("cn"));
 		answer.accountType = getAccountType();