From a74d6756c031929a69388b7390b34108ed13ea37 Mon Sep 17 00:00:00 2001
From: Jani Averbach <jaa@jaa.iki.fi>
Date: Mon, 31 Mar 2014 00:53:21 +0300
Subject: LDAP: Added test for binding without special account (e.g. userbased
 bind)

---
 src/test/java/com/gitblit/tests/LdapAuthenticationTest.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java b/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
index b037754c..21063d58 100644
--- a/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
+++ b/src/test/java/com/gitblit/tests/LdapAuthenticationTest.java
@@ -258,6 +258,19 @@ public class LdapAuthenticationTest extends GitblitUnitTest {
 		assertNull(userThreeModel.getTeam("git_admins"));
 		assertTrue(userThreeModel.canAdmin);
 	}
+	
+	@Test
+	public void testBindWithUser() {
+		settings.put(Keys.realm.ldap.bindpattern, "CN=${username},OU=US,OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain");
+		settings.put(Keys.realm.ldap.username, "");
+		settings.put(Keys.realm.ldap.password, "");
+
+		UserModel userOneModel = auth.authenticate("UserOne", "userOnePassword".toCharArray());
+		assertNotNull(userOneModel);
+		
+		UserModel userOneModelFailedAuth = auth.authenticate("UserOne", "userTwoPassword".toCharArray());
+		assertNull(userOneModelFailedAuth);
+	}
 
 	private int countLdapUsersInUserManager() {
 		int ldapAccountCount = 0;
-- 
cgit v1.2.3


From c30c2b332cf498efef9a01609ff4aa5bd7f8cc14 Mon Sep 17 00:00:00 2001
From: Jani Averbach <jaa@jaa.iki.fi>
Date: Mon, 31 Mar 2014 00:55:43 +0300
Subject: LDAP: Escape username in case we are using userbased bind.

---
 src/main/java/com/gitblit/auth/LdapAuthProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 892f30ba..83f24669 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -299,7 +299,7 @@ public class LdapAuthProvider extends UsernamePasswordAuthenticationProvider {
 				String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
 				if (!StringUtils.isEmpty(bindPattern)) {
 					try {
-						String bindUser = StringUtils.replace(bindPattern, "${username}", simpleUsername);
+						String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
 						ldapConnection.bind(bindUser, new String(password));
 						
 						alreadyAuthenticated = true;
-- 
cgit v1.2.3