Support loading the sshUserName from LDAP

This way the initial value of the SSH username is taken from the LDAP server, where it might have a really good chance of matching the user's workstation username, making it much easier to SSH into Gerrit as there is less configuration required. Signed-off-by: Shawn O. Pearce <sop@google.com>
2009-08-19 09:04:49 -07:00
parent 1f42ceb9bf
commit 59e09227e8
4 changed files with 39 additions and 1 deletions
--- a/src/main/java/com/google/gerrit/server/account/AccountManager.java
+++ b/src/main/java/com/google/gerrit/server/account/AccountManager.java
@@ -186,6 +186,13 @@ public class AccountManager {
    account.setFullName(who.getDisplayName());
    account.setPreferredEmail(extId.getEmailAddress());

+    if (who.getSshUserName() != null
+        && db.accounts().bySshUserName(who.getSshUserName()) == null) {
+      // Only set if the name hasn't been used yet, but was given to us.
+      //
+      account.setSshUserName(who.getSshUserName());
+    }
+
    final Transaction txn = db.beginTransaction();
    db.accounts().insert(Collections.singleton(account), txn);
    db.accountExternalIds().insert(Collections.singleton(extId), txn);
--- a/src/main/java/com/google/gerrit/server/account/AuthRequest.java
+++ b/src/main/java/com/google/gerrit/server/account/AuthRequest.java
@@ -29,7 +29,10 @@ import static com.google.gerrit.client.reviewdb.AccountExternalId.SCHEME_MAILTO;
 public class AuthRequest {
  /** Create a request for a local username, such as from LDAP. */
  public static AuthRequest forUser(final String username) {
-    return new AuthRequest(SCHEME_GERRIT + username);
+    final AuthRequest r;
+    r = new AuthRequest(SCHEME_GERRIT + username);
+    r.setSshUserName(username);
+    return r;
  }

  /**
@@ -48,6 +51,7 @@ public class AuthRequest {
  private final String externalId;
  private String displayName;
  private String emailAddress;
+  private String sshUserName;

  public AuthRequest(final String externalId) {
    this.externalId = externalId;
@@ -83,4 +87,12 @@ public class AuthRequest {
  public void setEmailAddress(final String email) {
    emailAddress = email != null && email.length() > 0 ? email : null;
  }
+
+  public String getSshUserName() {
+    return sshUserName;
+  }
+
+  public void setSshUserName(final String user) {
+    sshUserName = user;
+  }
 }
--- a/src/main/java/com/google/gerrit/server/ldap/LdapRealm.java
+++ b/src/main/java/com/google/gerrit/server/ldap/LdapRealm.java
@@ -59,6 +59,7 @@ class LdapRealm implements Realm {
  private final EmailExpander emailExpander;
  private final String accountDisplayName;
  private final String accountEmailAddress;
+  private final String accountSshUserName;
  private final LdapQuery accountQuery;

  private final GroupCache groupCache;
@@ -119,6 +120,10 @@ class LdapRealm implements Realm {
    if (accountEmailAddress != null) {
      accountAtts.add(accountEmailAddress);
    }
+    accountSshUserName = optdef(config, "accountSshUserName", "uid");
+    if (accountSshUserName != null) {
+      accountAtts.add(accountSshUserName);
+    }
    for (final String name : groupMemberQuery.getParameters()) {
      if (!USERNAME.equals(name)) {
        groupNeedsAccount = true;
@@ -174,7 +179,10 @@ class LdapRealm implements Realm {
      final DirContext ctx = open();
      try {
        final LdapQuery.Result m = findAccount(ctx, username);
+
        who.setDisplayName(m.get(accountDisplayName));
+        who.setSshUserName(m.get(accountSshUserName));
+
        if (accountEmailAddress != null) {
          who.setEmailAddress(m.get(accountEmailAddress));