Merge "Allow LDAP group names to be configurable"

2012-10-11 02:31:56 -07:00
parent 225f33513c 5780913a6d
commit cafe3765c8
5 changed files with 34 additions and 6 deletions
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -1707,6 +1707,18 @@ Attributes such as `${dn}` or `${uidNumber}` may be useful.
 Default is `(memberUid=${username})` for RFC 2307,
 and unset (disabled) for Active Directory.

+[[ldap.groupName]]ldap.groupName::
+
+_(Optional)_ Name of an attribute on the group object which contains
+the value for the group name in Gerrit.
+Typically this is the `cn` property in LDAP, but could also be
+`apple-group-realname`.
+
+Attribute values may be concatenated with literal strings. For example
+to join group name and group id, use the pattern `${cn} (${gidNumber})`.
+
+Default is `cn` for RFC 2307 servers and Active Directory.
+
 [[ldap.localUsernameToLowerCase]]ldap.localUsernameToLowerCase::
 +
 Converts the local username, that is used to login into the Gerrit
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
@@ -242,6 +242,7 @@ import javax.net.ssl.SSLSocketFactory;
    final List<String> groupBases;
    final SearchScope groupScope;
    final ParameterizedString groupPattern;
+    final ParameterizedString groupName;
    final List<LdapQuery> groupMemberQueryList;

    LdapSchema(final DirContext ctx) {
@@ -257,6 +258,7 @@ import javax.net.ssl.SSLSocketFactory;
      groupBases = LdapRealm.optionalList(config, "groupBase");
      groupScope = LdapRealm.scope(config, "groupScope");
      groupPattern = LdapRealm.paramString(config, "groupPattern", type.groupPattern());
+      groupName = LdapRealm.paramString(config, "groupName", type.groupName());
      final String groupMemberPattern =
          LdapRealm.optdef(config, "groupMemberPattern", type.groupMemberPattern());

--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapGroupBackend.java
@@ -41,6 +41,7 @@ import org.slf4j.LoggerFactory;

 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
@@ -81,11 +82,11 @@ public class LdapGroupBackend implements GroupBackend {
    return uuid.get().startsWith(LDAP_UUID);
  }

-  private static GroupReference groupReference(LdapQuery.Result res)
-      throws NamingException {
+  private static GroupReference groupReference(ParameterizedString p,
+      LdapQuery.Result res) throws NamingException {
    return new GroupReference(
        new AccountGroup.UUID(LDAP_UUID + res.getDN()),
-        LDAP_NAME + cnFor(res.getDN()));
+        LDAP_NAME + LdapRealm.apply(p, res));
  }

  private static String cnFor(String dn) {
@@ -203,13 +204,14 @@ public class LdapGroupBackend implements GroupBackend {
        LdapSchema schema = helper.getSchema(ctx);
        ParameterizedString filter = ParameterizedString.asis(
            schema.groupPattern.replace(GROUPNAME, name).toString());
-        Set<String> returnAttrs = Collections.<String>emptySet();
+        Set<String> returnAttrs =
+            new HashSet<String>(schema.groupName.getParameterNames());
        Map<String, String> params = Collections.emptyMap();
        for (String groupBase : schema.groupBases) {
          LdapQuery query = new LdapQuery(
              groupBase, schema.groupScope, filter, returnAttrs);
          for (LdapQuery.Result res : query.query(ctx, params)) {
-            out.add(groupReference(res));
+            out.add(groupReference(schema.groupName, res));
          }
        }
      } finally {
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java
@@ -167,7 +167,7 @@ class LdapRealm implements Realm {
    return !readOnlyAccountFields.contains(field);
  }

-  private static String apply(ParameterizedString p, LdapQuery.Result m)
+  static String apply(ParameterizedString p, LdapQuery.Result m)
      throws NamingException {
    if (p == null) {
      return null;
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapType.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapType.java
@@ -36,6 +36,8 @@ abstract class LdapType {

  abstract String groupMemberPattern();

+  abstract String groupName();
+
  abstract String accountFullName();

  abstract String accountEmailAddress();
@@ -57,6 +59,11 @@ abstract class LdapType {
      return "(memberUid=${username})";
    }

+    @Override
+    String groupName() {
+      return "cn";
+    }
+
    @Override
    String accountFullName() {
      return "displayName";
@@ -100,6 +107,11 @@ abstract class LdapType {
      return "(&(objectClass=group)(cn=${groupname}))";
    }

+    @Override
+    String groupName() {
+      return "cn";
+    }
+
    @Override
    String groupMemberPattern() {
      return null; // Active Directory uses memberOf in the account