Support loading the sshUserName from LDAP

This way the initial value of the SSH username is taken from the LDAP
server, where it might have a really good chance of matching the user's
workstation username, making it much easier to SSH into Gerrit as there
is less configuration required.

Signed-off-by: Shawn O. Pearce <sop@google.com>

Documentation/config-gerrit.txt

@@ -540,6 +540,17 @@ LDAP server.
 +
 Default is `mail`, a common value for most servers.
 
+[[ldap.accountSshUserName]]ldap.accountSshUserName::
++
+_(Optional)_ Name of an attribute on the user account object which
+contains the initial value for the user's SSH username field in
+Gerrit.  Typically this is the `uid` property in LDAP, but could
+also be `cn`.  Administrators should prefer to match the attribute
+corresponding to the user's workstation username, as this is what
+SSH clients will default to.
++
+Default is `uid`, a common value for most servers.
+
 [[ldap.groupBase]]ldap.groupBase::
 +
 Root of the tree containing all group objects.  This is typically

src/main/java/com/google/gerrit/server/account/AccountManager.java

@@ -186,6 +186,13 @@ public class AccountManager {
     account.setFullName(who.getDisplayName());
     account.setPreferredEmail(extId.getEmailAddress());
 
+    if (who.getSshUserName() != null
+        && db.accounts().bySshUserName(who.getSshUserName()) == null) {
+      // Only set if the name hasn't been used yet, but was given to us.
+      //
+      account.setSshUserName(who.getSshUserName());
+    }
+
     final Transaction txn = db.beginTransaction();
     db.accounts().insert(Collections.singleton(account), txn);
     db.accountExternalIds().insert(Collections.singleton(extId), txn);

src/main/java/com/google/gerrit/server/account/AuthRequest.java

@@ -29,7 +29,10 @@ import static com.google.gerrit.client.reviewdb.AccountExternalId.SCHEME_MAILTO;
 public class AuthRequest {
   /** Create a request for a local username, such as from LDAP. */
   public static AuthRequest forUser(final String username) {
-    return new AuthRequest(SCHEME_GERRIT + username);
+    final AuthRequest r;
+    r = new AuthRequest(SCHEME_GERRIT + username);
+    r.setSshUserName(username);
+    return r;
   }
 
   /**
@@ -48,6 +51,7 @@ public class AuthRequest {
   private final String externalId;
   private String displayName;
   private String emailAddress;
+  private String sshUserName;
 
   public AuthRequest(final String externalId) {
     this.externalId = externalId;
@@ -83,4 +87,12 @@ public class AuthRequest {
   public void setEmailAddress(final String email) {
     emailAddress = email != null && email.length() > 0 ? email : null;
   }
+
+  public String getSshUserName() {
+    return sshUserName;
+  }
+
+  public void setSshUserName(final String user) {
+    sshUserName = user;
+  }
 }

src/main/java/com/google/gerrit/server/ldap/LdapRealm.java

@@ -59,6 +59,7 @@ class LdapRealm implements Realm {
   private final EmailExpander emailExpander;
   private final String accountDisplayName;
   private final String accountEmailAddress;
+  private final String accountSshUserName;
   private final LdapQuery accountQuery;
 
   private final GroupCache groupCache;
@@ -119,6 +120,10 @@ class LdapRealm implements Realm {
     if (accountEmailAddress != null) {
       accountAtts.add(accountEmailAddress);
     }
+    accountSshUserName = optdef(config, "accountSshUserName", "uid");
+    if (accountSshUserName != null) {
+      accountAtts.add(accountSshUserName);
+    }
     for (final String name : groupMemberQuery.getParameters()) {
       if (!USERNAME.equals(name)) {
         groupNeedsAccount = true;
@@ -174,7 +179,10 @@ class LdapRealm implements Realm {
       final DirContext ctx = open();
       try {
         final LdapQuery.Result m = findAccount(ctx, username);
+
         who.setDisplayName(m.get(accountDisplayName));
+        who.setSshUserName(m.get(accountSshUserName));
+
         if (accountEmailAddress != null) {
           who.setEmailAddress(m.get(accountEmailAddress));