Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java')
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java | 43 |
1 files changed, 34 insertions, 9 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java index 5c30e5c039..2cf372b493 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java @@ -32,6 +32,7 @@ import com.google.gerrit.server.account.GroupBackend; import com.google.gerrit.server.account.GroupMembership; import com.google.gerrit.server.account.ListGroupMembership; import com.google.gerrit.server.auth.ldap.Helper.LdapSchema; +import com.google.gerrit.server.project.ProjectCache; import com.google.inject.Inject; import com.google.inject.Provider; import com.google.inject.name.Named; @@ -41,15 +42,18 @@ import org.slf4j.LoggerFactory; import java.util.Collection; import java.util.Collections; +import java.util.HashSet; import java.util.Map; import java.util.Set; import java.util.concurrent.ExecutionException; +import javax.annotation.Nullable; import javax.naming.InvalidNameException; import javax.naming.NamingException; import javax.naming.directory.DirContext; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; +import javax.security.auth.login.LoginException; /** * Implementation of GroupBackend for the LDAP group system. @@ -63,6 +67,7 @@ public class LdapGroupBackend implements GroupBackend { private final Helper helper; private final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache; private final LoadingCache<String, Boolean> existsCache; + private final ProjectCache projectCache; private final Provider<CurrentUser> userProvider; @Inject 
@@ -70,22 +75,24 @@ public class LdapGroupBackend implements GroupBackend { Helper helper, @Named(GROUP_CACHE) LoadingCache<String, Set<AccountGroup.UUID>> membershipCache, @Named(GROUP_EXIST_CACHE) LoadingCache<String, Boolean> existsCache, + ProjectCache projectCache, Provider<CurrentUser> userProvider) { this.helper = helper; this.membershipCache = membershipCache; + this.projectCache = projectCache; this.existsCache = existsCache; this.userProvider = userProvider; } - private static boolean isLdapUUID(AccountGroup.UUID uuid) { + private boolean isLdapUUID(AccountGroup.UUID uuid) { return uuid.get().startsWith(LDAP_UUID); } - private static GroupReference groupReference(LdapQuery.Result res) - throws NamingException { + private static GroupReference groupReference(ParameterizedString p, + LdapQuery.Result res) throws NamingException { return new GroupReference( new AccountGroup.UUID(LDAP_UUID + res.getDN()), - LDAP_NAME + cnFor(res.getDN())); + LDAP_NAME + LdapRealm.apply(p, res)); } private static String cnFor(String dn) { @@ -143,8 +150,15 @@ public class LdapGroupBackend implements GroupBackend { } @Override - public boolean isVisibleToAll() { - return false; + @Nullable + public String getEmailAddress() { + return null; + } + + @Override + @Nullable + public String getUrl() { + return null; } }; } @@ -172,7 +186,15 @@ public class LdapGroupBackend implements GroupBackend { } try { - return new ListGroupMembership(membershipCache.get(id)); + final Set<AccountGroup.UUID> groups = membershipCache.get(id); + return new ListGroupMembership(groups) { + @Override + public Set<AccountGroup.UUID> getKnownGroups() { + Set<AccountGroup.UUID> g = Sets.newHashSet(groups); + g.retainAll(projectCache.guessRelevantGroupUUIDs()); + return g; + } + }; } catch (ExecutionException e) { log.warn(String.format("Cannot lookup membershipsOf %s in LDAP", id), e); return GroupMembership.EMPTY; 
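Review bot: `groupReference` now takes the display name from `LdapRealm.apply(p, res)` with no fallback, where the removed line always derived it from the DN via `cnFor`. `apply` is not visible here, so this is an assumption: if it can return null or an empty string when the configured name pattern cannot be filled from the result, the reference would read `ldap/null` or a bare `ldap/`, and distinct groups could end up with the same label. The UUID is still built from the DN, so identity is unaffected, but administrators pick groups by name. Consider keeping the DN-derived name as a fallback: `String n = LdapRealm.apply(p, res);` followed by `LDAP_NAME + (n == null || n.isEmpty() ? cnFor(res.getDN()) : n)`. Separately, `isLdapUUID` loses `static` although its visible body reads only its argument and a constant.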
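Review bot: The anonymous `getKnownGroups()` override needs a comment, because it is not obvious why it returns less than the membership set it wraps or why it copies first. I would add `// Copy before retainAll: groups is the instance returned by membershipCache and must not be narrowed in place.` above the `Sets.newHashSet(groups)` line. A second comment on the method should say that known groups are limited to those `projectCache.guessRelevantGroupUUIDs()` reports, and that this subset is for enumeration rather than a replacement for the full membership check. That second statement assumes `ListGroupMembership` keeps using the full set for its other methods, which is not visible in this hunk. The enclosing method starts outside the hunk.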
@@ -203,13 +225,14 @@ public class LdapGroupBackend implements GroupBackend { LdapSchema schema = helper.getSchema(ctx); ParameterizedString filter = ParameterizedString.asis( schema.groupPattern.replace(GROUPNAME, name).toString()); - Set<String> returnAttrs = Collections.<String>emptySet(); + Set<String> returnAttrs = + new HashSet<String>(schema.groupName.getParameterNames()); Map<String, String> params = Collections.emptyMap(); for (String groupBase : schema.groupBases) { LdapQuery query = new LdapQuery( groupBase, schema.groupScope, filter, returnAttrs); for (LdapQuery.Result res : query.query(ctx, params)) { - out.add(groupReference(res)); + out.add(groupReference(schema.groupName, res)); } } } finally { @@ -221,6 +244,8 @@ public class LdapGroupBackend implements GroupBackend { } } catch (NamingException e) { log.warn("Cannot query LDAP for groups matching requested name", e); + } catch (LoginException e) { + log.warn("Cannot query LDAP for groups matching requested name", e); } return out; } |
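Review bot: The filter this hunk keeps is still built by substituting `name` straight into `schema.groupPattern` and wrapping the result with `ParameterizedString.asis`, while the `params` map handed to `query.query(ctx, params)` stays empty. If `name` is the text a user typed (the log message below suggests so, but the method starts outside the hunk), filter metacharacters in it would change the search rather than being matched literally. The new display-name code makes the returned entries more visible, so this is a good place to fix it. Escape the value per RFC 4515 before substitution, e.g. `schema.groupPattern.replace(GROUPNAME, escapeFilterValue(name))`, where `escapeFilterValue` is a helper to be added. Alternatively pass it through `params`, if `LdapQuery` binds those as filter arguments.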
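Review bot: The added `LoginException` catch logs exactly the same text as the `NamingException` branch, so a failure to authenticate to the directory reads in the log like a failed search. Only the stack trace tells them apart, and the two conditions call for different operator action. Give the new branch its own message, for example `log.warn("Cannot authenticate to LDAP while querying groups matching requested name", e);`. Where the exception originates is not visible in the hunk (presumably in opening the context), and the try block starts outside it.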