diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index 70a6c6e64..15e2bec3b 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -1516,6 +1516,15 @@ realm.ldap.username = cn=Directory Manager
 # SINCE 1.0.0
 realm.ldap.password = password
+# Bind pattern for Authentication.
+#
+# Allow to authenticate an user without LDAP Searches.
+#
+# e.g. CN=${username},OU=Users,OU=UserControl,OU=MyOrganization,DC=MyDomain
+#
+realm.ldap.bindpattern =
+
+
 # Delegate team membership control to LDAP.
 #
 # If true, team user memberships will be specified by LDAP groups. This will
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 3a688d83d..892f30baf 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -294,6 +294,20 @@ public UserModel authenticate(String username, char[] password) {
 		LDAPConnection ldapConnection = getLdapConnection();
 		if (ldapConnection != null) {
 			try {
+				boolean alreadyAuthenticated = false;
+
+				String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
+				if (!StringUtils.isEmpty(bindPattern)) {
+					try {
+						String bindUser = StringUtils.replace(bindPattern, "${username}", simpleUsername);
+						ldapConnection.bind(bindUser, new String(password));
+
+						alreadyAuthenticated = true;
+					} catch (LDAPException e) {
+						return null;
+					}
+				}
+
 				// Find the logging in user's DN
 				String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
 				String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
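Review bot: The pattern bind at `ldapConnection.bind(bindUser, new String(password))` is issued with whatever password the caller supplied, and a simple bind with a non-empty DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that some directories answer with success, so an empty password could set `alreadyAuthenticated = true`; unless the start of `authenticate` (outside this hunk) already rejects empty passwords, add `if (password == null || password.length == 0) { return null; }` before the bind. `simpleUsername` is substituted into a DN without RFC 4514 escaping, so it should pass through the SDK's DN value encoding (`RDN.encodeValue(simpleUsername)`) rather than being inserted verbatim, the way the search-filter substitution presumably escapes it. After a successful bind the same `ldapConnection` is bound as the user, so the DN search that follows here (and the `||` short-circuit in the next hunk) runs with the user's rights rather than the manager account's; if that is intended, say so with `// connection is now bound as the user; the DN search below runs with their permissions`. The `catch (LDAPException e) { return null; }` also discards the failure reason, so a `logger.debug("LDAP bind with bindpattern failed for " + username, e);` before the return would keep server errors distinguishable from bad credentials.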
@@ -304,7 +318,7 @@ public UserModel authenticate(String username, char[] password) {
 				SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
 				String loggingInUserDN = loggingInUser.getDN();
-				if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
+				if (alreadyAuthenticated || isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
 					logger.debug("LDAP authenticated: " + username);
 					UserModel user = null;