Diffstat (limited to 'gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java')
-rw-r--r--gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java43
1 files changed, 34 insertions, 9 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java
index 5c30e5c039..2cf372b493 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java
@@ -32,6 +32,7 @@ import com.google.gerrit.server.account.GroupBackend;
import com.google.gerrit.server.account.GroupMembership;
import com.google.gerrit.server.account.ListGroupMembership;
import com.google.gerrit.server.auth.ldap.Helper.LdapSchema;
+import com.google.gerrit.server.project.ProjectCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.name.Named;
@@ -41,15 +42,18 @@ import org.slf4j.LoggerFactory;
import java.util.Collection;
import java.util.Collections;
+import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
+import javax.annotation.Nullable;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
+import javax.security.auth.login.LoginException;
/**
* Implementation of GroupBackend for the LDAP group system.
@@ -63,6 +67,7 @@ public class LdapGroupBackend implements GroupBackend {
private final Helper helper;
private final LoadingCache<String, Set<AccountGroup.UUID>> membershipCache;
private final LoadingCache<String, Boolean> existsCache;
+ private final ProjectCache projectCache;
private final Provider<CurrentUser> userProvider;
@Inject
@@ -70,22 +75,24 @@ public class LdapGroupBackend implements GroupBackend {
Helper helper,
@Named(GROUP_CACHE) LoadingCache<String, Set<AccountGroup.UUID>> membershipCache,
@Named(GROUP_EXIST_CACHE) LoadingCache<String, Boolean> existsCache,
+ ProjectCache projectCache,
Provider<CurrentUser> userProvider) {
this.helper = helper;
this.membershipCache = membershipCache;
+ this.projectCache = projectCache;
this.existsCache = existsCache;
this.userProvider = userProvider;
}
- private static boolean isLdapUUID(AccountGroup.UUID uuid) {
+ private boolean isLdapUUID(AccountGroup.UUID uuid) {
return uuid.get().startsWith(LDAP_UUID);
}
- private static GroupReference groupReference(LdapQuery.Result res)
- throws NamingException {
+ private static GroupReference groupReference(ParameterizedString p,
+ LdapQuery.Result res) throws NamingException {
return new GroupReference(
new AccountGroup.UUID(LDAP_UUID + res.getDN()),
- LDAP_NAME + cnFor(res.getDN()));
+ LDAP_NAME + LdapRealm.apply(p, res));
}
private static String cnFor(String dn) {
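Review bot: `groupReference` now builds the display name with `LdapRealm.apply(p, res)` but carries no comment saying what `p` is or what it requires of `res`. The only caller visible on this page passes `schema.groupName` and requests `schema.groupName.getParameterNames()` as return attributes, so the contract appears to be that every parameter of `p` was fetched with the result; a short Javadoc such as `/** Builds the reference for an LDAP group; res must carry every attribute named by p. */` would record that. How `LdapRealm.apply` handles an attribute the entry lacks is not visible here and is worth confirming, since the name is shown to users while the UUID stays DN-based. Separately, `isLdapUUID` drops `static` although its visible body reads no instance state.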
@@ -143,8 +150,15 @@ public class LdapGroupBackend implements GroupBackend {
}
@Override
- public boolean isVisibleToAll() {
- return false;
+ @Nullable
+ public String getEmailAddress() {
+ return null;
+ }
+
+ @Override
+ @Nullable
+ public String getUrl() {
+ return null;
}
};
}
@@ -172,7 +186,15 @@ public class LdapGroupBackend implements GroupBackend {
}
try {
- return new ListGroupMembership(membershipCache.get(id));
+ final Set<AccountGroup.UUID> groups = membershipCache.get(id);
+ return new ListGroupMembership(groups) {
+ @Override
+ public Set<AccountGroup.UUID> getKnownGroups() {
+ Set<AccountGroup.UUID> g = Sets.newHashSet(groups);
+ g.retainAll(projectCache.guessRelevantGroupUUIDs());
+ return g;
+ }
+ };
} catch (ExecutionException e) {
log.warn(String.format("Cannot lookup membershipsOf %s in LDAP", id), e);
return GroupMembership.EMPTY;
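Review bot: The overridden `getKnownGroups()` returns only the intersection with `projectCache.guessRelevantGroupUUIDs()`, and nothing in the anonymous class says that this is a deliberately narrowed view. A one-line comment such as `// Only the groups the project cache guesses are relevant; not everything in membershipCache.` would keep a later caller from treating the result as the complete set when making an access decision. The intersection is rebuilt on every call, so if `guessRelevantGroupUUIDs()` is costly it may be worth computing once; its cost is not visible here. The copy uses `Sets.newHashSet` while the same commit imports `java.util.HashSet` for the other new set, and no import of `Sets` appears in the import hunks, so it is presumably already in the file. The enclosing method starts above the hunk.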
@@ -203,13 +225,14 @@ public class LdapGroupBackend implements GroupBackend {
LdapSchema schema = helper.getSchema(ctx);
ParameterizedString filter = ParameterizedString.asis(
schema.groupPattern.replace(GROUPNAME, name).toString());
- Set<String> returnAttrs = Collections.<String>emptySet();
+ Set<String> returnAttrs =
+ new HashSet<String>(schema.groupName.getParameterNames());
Map<String, String> params = Collections.emptyMap();
for (String groupBase : schema.groupBases) {
LdapQuery query = new LdapQuery(
groupBase, schema.groupScope, filter, returnAttrs);
for (LdapQuery.Result res : query.query(ctx, params)) {
- out.add(groupReference(res));
+ out.add(groupReference(schema.groupName, res));
}
}
} finally {
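Review bot: `name` is substituted into `schema.groupPattern` and the result is wrapped with `ParameterizedString.asis`, so unless `replace` escapes it, filter metacharacters in the requested name reach the LDAP search filter unchanged. Whether escaping happens is not visible in this hunk; if it does not, the value should be escaped for filter context (RFC 4515) before substitution, and a comment at the `filter` assignment should say where that is done. On the added lines, `new HashSet<String>(schema.groupName.getParameterNames())` assumes `groupName` is non-null for every schema, which I cannot confirm from here. The enclosing method starts and ends outside the hunk.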
@@ -221,6 +244,8 @@ public class LdapGroupBackend implements GroupBackend {
}
} catch (NamingException e) {
log.warn("Cannot query LDAP for groups matching requested name", e);
+ } catch (LoginException e) {
+ log.warn("Cannot query LDAP for groups matching requested name", e);
}
return out;
}
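Review bot: The added `catch (LoginException e)` logs the same text as the `NamingException` branch, so an operator reading the log cannot tell a failed bind to the directory from a failed search. A distinct message, for example `log.warn("Cannot authenticate to LDAP while looking up groups by name", e);`, would make repeated authentication failures easy to alert on. Both branches fall through to `return out;`, so the caller gets an empty or partial set with no signal that the lookup failed; that looks deliberate but deserves a comment. The method begins outside the hunk.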