From 59e09227e88985d78b0080fea0866a2b3f366241 Mon Sep 17 00:00:00 2001
From: "Shawn O. Pearce"
Date: Wed, 19 Aug 2009 09:04:49 -0700
Subject: [PATCH] Support loading the sshUserName from LDAP
This way the initial value of the SSH username is taken from the LDAP server, where it might have a really good chance of matching the user's workstation username, making it much easier to SSH into Gerrit as there is less configuration required.
Signed-off-by: Shawn O. Pearce
---
 Documentation/config-gerrit.txt | 11 +++++++++++
 .../gerrit/server/account/AccountManager.java | 7 +++++++
 .../google/gerrit/server/account/AuthRequest.java | 14 +++++++++++++-
 .../com/google/gerrit/server/ldap/LdapRealm.java | 8 ++++++++
 4 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index 208059398c..fd6bf2cd8b 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -540,6 +540,17 @@ LDAP server.
 +
 Default is `mail`, a common value for most servers.
+[[ldap.accountSshUserName]]ldap.accountSshUserName::
++
+_(Optional)_ Name of an attribute on the user account object which
+contains the initial value for the user's SSH username field in
+Gerrit. Typically this is the `uid` property in LDAP, but could
+also be `cn`. Administrators should prefer to match the attribute
+corresponding to the user's workstation username, as this is what
+SSH clients will default to.
++
+Default is `uid`, a common value for most servers.
+
 [[ldap.groupBase]]ldap.groupBase::
 +
 Root of the tree containing all group objects. This is typically
diff --git a/src/main/java/com/google/gerrit/server/account/AccountManager.java b/src/main/java/com/google/gerrit/server/account/AccountManager.java
index 438e00841d..6cf8706a2b 100644
--- a/src/main/java/com/google/gerrit/server/account/AccountManager.java
+++ b/src/main/java/com/google/gerrit/server/account/AccountManager.java
@@ -186,6 +186,13 @@ public class AccountManager {
 account.setFullName(who.getDisplayName());
 account.setPreferredEmail(extId.getEmailAddress());
+ if (who.getSshUserName() != null
+ && db.accounts().bySshUserName(who.getSshUserName()) == null) {
+ // Only set if the name hasn't been used yet, but was given to us.
+ //
+ account.setSshUserName(who.getSshUserName());
+ }
+
 final Transaction txn = db.beginTransaction();
 db.accounts().insert(Collections.singleton(account), txn);
 db.accountExternalIds().insert(Collections.singleton(extId), txn);
diff --git a/src/main/java/com/google/gerrit/server/account/AuthRequest.java b/src/main/java/com/google/gerrit/server/account/AuthRequest.java
index ed74c1219d..7cec4ebc3d 100644
--- a/src/main/java/com/google/gerrit/server/account/AuthRequest.java
+++ b/src/main/java/com/google/gerrit/server/account/AuthRequest.java
@@ -29,7 +29,10 @@ import static com.google.gerrit.client.reviewdb.AccountExternalId.SCHEME_MAILTO;
 public class AuthRequest {
 /** Create a request for a local username, such as from LDAP. */
 public static AuthRequest forUser(final String username) {
- return new AuthRequest(SCHEME_GERRIT + username);
+ final AuthRequest r;
+ r = new AuthRequest(SCHEME_GERRIT + username);
+ r.setSshUserName(username);
+ return r;
 }
 /**
@@ -48,6 +51,7 @@ public class AuthRequest {
 private final String externalId;
 private String displayName;
 private String emailAddress;
+ private String sshUserName;
 public AuthRequest(final String externalId) {
 this.externalId = externalId;
@@ -83,4 +87,12 @@ public class AuthRequest {
 public void setEmailAddress(final String email) {
 emailAddress = email != null && email.length() > 0 ? email : null;
 }
+
+ public String getSshUserName() {
+ return sshUserName;
+ }
+
+ public void setSshUserName(final String user) {
+ sshUserName = user;
+ }
 }
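Review bot: The uniqueness check `db.accounts().bySshUserName(who.getSshUserName()) == null` in the AccountManager hunk runs before `db.beginTransaction()`, so two first-time logins carrying the same name can both pass it and both reach the insert. Whether the store enforces uniqueness on this field is not visible here; since the name is what users present when they SSH into Gerrit, the check alone should not be the guarantee. I would confirm the constraint exists, handle the resulting insert failure, and log when a directory-supplied name is skipped because another account already holds it. Suggested comment above the `if`: `// Best-effort check only: it runs outside txn, so uniqueness must be enforced by the store.` The enclosing method starts and ends outside the hunk.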
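Review bot: `forUser()` in AuthRequest now seeds `sshUserName` from the raw login name for every caller, yet its Javadoc still says only "such as from LDAP", which suggests other authentication paths may use it too. On such a path nothing visible in this patch replaces or checks the value before AccountManager stores it, so the string arrives in the SSH username field exactly as the front end supplied it. I would document the side effect, for example `/** Create a request for a local username, such as from LDAP; the username is also proposed as the initial SSH username. */`, so callers that must not seed it know to call `setSshUserName(null)`.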
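Review bot: `setSshUserName()` stores its argument unchanged, while `setEmailAddress()` directly above it maps an empty string to null. AccountManager only tests `who.getSshUserName() != null`, so an empty attribute value would be looked up and could be stored as an account's SSH username. I would normalise it the same way, `sshUserName = user != null && user.length() > 0 ? user : null;`. It is also worth rejecting values that cannot serve as a login name, because the documentation added in this patch allows `cn`, which commonly contains spaces.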
diff --git a/src/main/java/com/google/gerrit/server/ldap/LdapRealm.java b/src/main/java/com/google/gerrit/server/ldap/LdapRealm.java
index 24dde52cfe..b724563d34 100644
--- a/src/main/java/com/google/gerrit/server/ldap/LdapRealm.java
+++ b/src/main/java/com/google/gerrit/server/ldap/LdapRealm.java
@@ -59,6 +59,7 @@ class LdapRealm implements Realm {
 private final EmailExpander emailExpander;
 private final String accountDisplayName;
 private final String accountEmailAddress;
+ private final String accountSshUserName;
 private final LdapQuery accountQuery;
 private final GroupCache groupCache;
@@ -119,6 +120,10 @@ class LdapRealm implements Realm {
 if (accountEmailAddress != null) {
 accountAtts.add(accountEmailAddress);
 }
+ accountSshUserName = optdef(config, "accountSshUserName", "uid");
+ if (accountSshUserName != null) {
+ accountAtts.add(accountSshUserName);
+ }
 for (final String name : groupMemberQuery.getParameters()) {
 if (!USERNAME.equals(name)) {
 groupNeedsAccount = true;
@@ -174,7 +179,10 @@ class LdapRealm implements Realm {
 final DirContext ctx = open();
 try {
 final LdapQuery.Result m = findAccount(ctx, username);
+
 who.setDisplayName(m.get(accountDisplayName));
+ who.setSshUserName(m.get(accountSshUserName));
+
 if (accountEmailAddress != null) {
 who.setEmailAddress(m.get(accountEmailAddress));
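Review bot: The constructor hunk treats `accountSshUserName` as possibly null (`if (accountSshUserName != null)`), but the read in the following hunk, `who.setSshUserName(m.get(accountSshUserName));`, is unconditional, unlike the e-mail attribute guarded right below it. If `optdef` can return null, that call hands a null attribute name to `m.get()`, and when the directory entry lacks the attribute it presumably overwrites the name that `forUser()` seeded. I would guard the read the same way: `if (accountSshUserName != null) { who.setSshUserName(m.get(accountSshUserName)); }`. The default of `uid` also turns this on for existing LDAP installations at upgrade, which deserves a release note; the later hunk is cut off in this view, so its remaining lines were not reviewed.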