From e4b0ae020290abfff26ef8b8f35485d277e4da62 Mon Sep 17 00:00:00 2001
From: j3rem1e <jeremie.brebec@gmail.com>
Date: Thu, 27 Mar 2014 09:16:53 -0400
Subject: [PATCH] LDAP: Authenticated Searches without a manager password

---
 src/main/java/com/gitblit/auth/WindowsAuthProvider.java |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
index 93cae04..ac15b28 100644
--- a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
@@ -158,9 +158,11 @@
        		groupNames.add(group.getFqn());
         }
 
-        if (groupNames.contains("BUILTIN\\Administrators")) {
-        	// local administrator
-        	user.canAdmin = true;
+       	if (settings.getBoolean(Keys.realm.windows.permitBuiltInAdministrators, true)) {
+       		if (groupNames.contains("BUILTIN\\Administrators")) {
+       			// local administrator
+       			user.canAdmin = true;
+       		}
         }
 
         // TODO consider mapping Windows groups to teams

--
Gitblit v1.9.1