Enable updating the full-name of manually created account

When Gerrit runs with LDAP backend, make it possible to
update the full name of manually created account.

Change-Id: I27aafaba263db1794fb808dccb7ccb46b393741f

gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountExternalId.java

@@ -20,7 +20,7 @@ import com.google.gwtorm.client.StringKey;
 /** Association of an external account identifier to a local {@link Account}. */
 public final class AccountExternalId {
   /**
-   * Scheme used for {@link AuthType#LDAP}, {@link AuthType#HTTP},
+   * Scheme used for {@link AuthType#LDAP}, {@link AuthType#CLIENT_SSL_CERT_LDAP},
    * {@link AuthType#HTTP_LDAP}, and {@link AuthType#LDAP_BIND} usernames.
    * <p>
    * The name {@code gerrit:} was a very poor choice.

gerrit-server/src/main/java/com/google/gerrit/server/account/PutName.java

@@ -14,6 +14,8 @@
 
 package com.google.gerrit.server.account;
 
+import static com.google.gerrit.reviewdb.client.AccountExternalId.SCHEME_GERRIT;
+
 import com.google.common.base.Strings;
 import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.extensions.restapi.DefaultInput;
@@ -23,10 +25,12 @@ import com.google.gerrit.extensions.restapi.Response;
 import com.google.gerrit.extensions.restapi.RestModifyView;
 import com.google.gerrit.reviewdb.client.Account;
 import com.google.gerrit.reviewdb.client.Account.FieldName;
+import com.google.gerrit.reviewdb.client.AccountExternalId;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.IdentifiedUser;
 import com.google.gerrit.server.account.PutName.Input;
+import com.google.gerrit.server.auth.ldap.LdapRealm;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
@@ -66,18 +70,21 @@ public class PutName implements RestModifyView<AccountResource, Input> {
 
   public Response<String> apply(IdentifiedUser user, Input input)
       throws MethodNotAllowedException, ResourceNotFoundException, OrmException {
-    if (!realm.allowsEdit(FieldName.FULL_NAME)) {
-      throw new MethodNotAllowedException("realm does not allow editing name");
-    }
-
     if (input == null) {
       input = new Input();
     }
-
+    ReviewDb db = dbProvider.get();
-    Account a = dbProvider.get().accounts().get(user.getAccountId());
+    Account a = db.accounts().get(user.getAccountId());
     if (a == null) {
       throw new ResourceNotFoundException("account not found");
     }
+
+    if (!realm.allowsEdit(FieldName.FULL_NAME)
+        && !(realm instanceof LdapRealm && db.accountExternalIds().get(
+            new AccountExternalId.Key(SCHEME_GERRIT, a.getUserName())) == null)) {
+      throw new MethodNotAllowedException("realm does not allow editing name");
+    }
+
     a.setFullName(input.name);
     dbProvider.get().accounts().update(Collections.singleton(a));
     byIdCache.evict(a.getId());

gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java

@@ -59,7 +59,7 @@ import javax.naming.directory.DirContext;
 import javax.security.auth.login.LoginException;
 
 @Singleton
-class LdapRealm implements Realm {
+public class LdapRealm implements Realm {
   static final Logger log = LoggerFactory.getLogger(LdapRealm.class);
   static final String LDAP = "com.sun.jndi.ldap.LdapCtxFactory";
   static final String USERNAME = "username";