Gitblit devel
parent: 756117ad | patch | commit | ignore whitespace
Steffen Gebert
2012-08-09 845b532f90092638606c71a446bef10e5a45f3af 
StartTLS is not supported in LdapUserService (issue-122)

By providing an URL in the format "ldap+tls://ldapserver.example.com",
you can now connect to LDAP servers that require StartTLS command.
2 files modified
21 ■■■■■ changed files
distrib/gitblit.properties 2 ●●●●● patch | view | raw | blame | history
src/com/gitblit/LdapUserService.java 19 ●●●● patch | view | raw | blame | history 
 distrib/gitblit.properties


@@ -797,6 +797,8 @@


#







# URL of the LDAP server.



# To use encrypted transport, use either ldaps:// URL for SSL or ldap+tls:// to



# send StartTLS command.



#



# SINCE 1.0.0



realm.ldap.server = ldap://localhost





 src/com/gitblit/LdapUserService.java


@@ -30,12 +30,15 @@


import com.gitblit.utils.ArrayUtils;



import com.gitblit.utils.StringUtils;



import com.unboundid.ldap.sdk.Attribute;



import com.unboundid.ldap.sdk.ExtendedResult;



import com.unboundid.ldap.sdk.LDAPConnection;



import com.unboundid.ldap.sdk.LDAPException;



import com.unboundid.ldap.sdk.LDAPSearchException;



import com.unboundid.ldap.sdk.ResultCode;



import com.unboundid.ldap.sdk.SearchResult;



import com.unboundid.ldap.sdk.SearchResultEntry;



import com.unboundid.ldap.sdk.SearchScope;



import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;



import com.unboundid.util.ssl.SSLUtil;



import com.unboundid.util.ssl.TrustAllTrustManager;







@@ -81,10 +84,22 @@


                if (ldapPort == -1)    // Default Port



                    ldapPort = 389;



                



                return new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);



                LDAPConnection conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);







                if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {



                    SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());







                    ExtendedResult extendedResult = conn.processExtendedOperation(



                        new StartTLSExtendedRequest(sslUtil.createSSLContext()));







                    if (extendedResult.getResultCode() != ResultCode.SUCCESS) {



                        throw new LDAPException(extendedResult.getResultCode());



                    }



                }



                return conn;



            }



        } catch (URISyntaxException e) {



            logger.error("Bad LDAP URL, should be in the form: ldap(s)://<server>:<port>", e);



            logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);



        } catch (GeneralSecurityException e) {



            logger.error("Unable to create SSL Connection", e);



        } catch (LDAPException e) {