diff options
author | Shawn Pearce <sop@google.com> | 2013-08-12 19:29:41 -0700 |
---|---|---|
committer | Shawn Pearce <sop@google.com> | 2013-08-12 19:29:41 -0700 |
commit | 5995feb5abe2834998a9809cdcfc65efd994397d (patch) | |
tree | e63cc23c8e74ed7265622abffca52676a24b897f | |
parent | c4a0f0c8f0a30ed30252000373bbb2a68d8481f6 (diff) | |
parent | 78c978e40741fdbd5103449a14a5b60614d6fcff (diff) |
Merge branch 'stable-2.6' into stable-2.7
* stable-2.6:
Expand capabilities of ldap.groupMemberPattern
3 files changed, 9 insertions, 15 deletions
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index 3591c7793f..daafcf167b 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -1842,8 +1842,8 @@ corresponding attribute (in this case, `fooBarAttribute`) as read from the user's account object matched under `ldap.accountBase`. Attributes such as `${dn}` or `${uidNumber}` may be useful. + -Default is `(memberUid=${username})` for RFC 2307, -and unset (disabled) for Active Directory. +Default is `(|(memberUid=${username})(gidNumber=${gidNumber}))` for +RFC 2307, and unset (disabled) for Active Directory. [[ldap.groupName]]ldap.groupName:: + diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java index 0151dde40f..7d0ad24325 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java @@ -197,13 +197,11 @@ import javax.security.auth.login.LoginException; if (!schema.groupMemberQueryList.isEmpty()) { final HashMap<String, String> params = new HashMap<String, String>(); - if (schema.groupNeedsAccount) { - if (account == null) { - account = findAccount(schema, ctx, username); - } - for (String name : schema.groupMemberQueryList.get(0).getParameters()) { - params.put(name, account.get(name)); - } + if (account == null) { + account = findAccount(schema, ctx, username); + } + for (String name : schema.groupMemberQueryList.get(0).getParameters()) { + params.put(name, account.get(name)); } params.put(LdapRealm.USERNAME, username); @@ -286,7 +284,6 @@ import javax.security.auth.login.LoginException; final String accountMemberField; final List<LdapQuery> accountQueryList; - boolean groupNeedsAccount; final List<String> groupBases; final SearchScope groupScope; final ParameterizedString groupPattern; @@ -321,10 +318,7 @@ import javax.security.auth.login.LoginException; } for (final String name : groupMemberQuery.getParameters()) { - if (!LdapRealm.USERNAME.equals(name)) { - groupNeedsAccount = true; - accountAtts.add(name); - } + accountAtts.add(name); } groupMemberQueryList.add(groupMemberQuery); diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapType.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapType.java index db5baebfc0..3c1b0d22b3 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapType.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapType.java @@ -57,7 +57,7 @@ abstract class LdapType { @Override String groupMemberPattern() { - return "(memberUid=${username})"; + return "(|(memberUid=${username})(gidNumber=${gidNumber}))"; } @Override |