From 5a89f81151da70df5bf3a87ca54c3285730d4cb2 Mon Sep 17 00:00:00 2001
From: Thorsten Ludewig
Date: Wed, 2 Feb 2011 09:26:14 +0100
Subject: [PATCH] check for unique groups
---
 .../auth/ldap/LDAPAuthenticationHandler.java | 77 ++++++++++++++++++-
 .../java/sonia/scm/auth/ldap/LDAPConfig.java | 4 +-
 scm-webapp/pom.xml | 1 +
 3 files changed, 79 insertions(+), 3 deletions(-)
diff --git a/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPAuthenticationHandler.java b/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPAuthenticationHandler.java
index 5c81c211a8..32311a3b64 100644
--- a/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPAuthenticationHandler.java
+++ b/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPAuthenticationHandler.java
@@ -56,11 +56,14 @@ import java.io.IOException;
 import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Properties;
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
@@ -172,7 +175,44 @@ public class LDAPAuthenticationHandler implements AuthenticationHandler
 (String) userAttributes.get( config.getAttributeNameMail()).get());
 user.setType(TYPE);
- result = new AuthenticationResult(user);
+
+ //
+ ArrayList groups = new ArrayList();
+
+ searchControls = new SearchControls();
+ searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+ searchControls.setReturningAttributes(new String[] { "cn" });
+ baseDn = config.getUnitGroup() + "," + config.getBaseDn();
+
+ NamingEnumeration searchResult2 =
+ context.search(baseDn,
+ "(&(objectClass=groupOfUniqueNames)(uniqueMember=" + + userDn + "))", searchControls);
+
+ //
+
+ while (searchResult2.hasMore())
+ {
+ SearchResult sr2 = searchResult2.next();
+ Attributes groupAttributes = sr2.getAttributes();
+ Attribute cnAttribute = groupAttributes.get("cn");
+
+ if (cnAttribute != null)
+ {
+ String cn = (String) cnAttribute.get();
+
+ if ((cn != null) && (cn.trim().length() > 0))
+ {
+ groups.add(cn);
+ }
+ }
+ }
+
+ //
+ user.setAdmin(isAdmin(user.getName(), groups));
+
+ //
+ result = new AuthenticationResult(user, groups);
 }
 catch (NamingException ex)
 {
@@ -328,6 +368,41 @@ public class LDAPAuthenticationHandler implements AuthenticationHandler
 ldapProperties.put("java.naming.ldap.version", "3");
 }
+ //~--- get methods ----------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @param userName
+ * @param groups
+ *
+ * @return
+ */
+ private boolean isAdmin(String userName, List groups)
+ {
+ boolean admin = false;
+
+ if (config.getAdminUserSet().contains(userName))
+ {
+ admin = true;
+ }
+ else
+ {
+ for (String group : groups)
+ {
+ if (config.getAdminGroupSet().contains(group))
+ {
+ admin = true;
+
+ break;
+ }
+ }
+ }
+
+ return admin;
+ }
+
 //~--- fields ---------------------------------------------------------------
 /** Field description */
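Review bot: The group filter passed to `context.search` in the first hunk is built by concatenating `userDn` into the filter string, so a DN containing `(`, `)`, `*` or `\` produces a malformed filter or a different one than intended. `userDn` looks like it comes from the earlier user lookup rather than straight from the login form, which narrows who controls it, but it is still directory data that is not escaped here. The JNDI overload with filter arguments escapes the value: `context.search(baseDn, "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))", new Object[] { userDn }, searchControls);`. `searchResult2` is also never closed in the visible lines; the method body starts and ends outside the hunk, so check whether a `close()` is reachable there.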
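Review bot: `isAdmin` in the second hunk sets the admin flag on a bare `cn` match against `config.getAdminGroupSet()`, while the group lookup in the first hunk runs with `SUBTREE_SCOPE`, so any `groupOfUniqueNames` entry with that cn anywhere below the configured group unit counts. Where parts of that subtree are maintained by different people, the flag then depends on whoever can create a group with that name there. Comparing the entry's DN (`sr2.getNameInNamespace()`) against configured group DNs, or searching with `SearchControls.ONELEVEL_SCOPE`, would tie the decision to one specific entry. The Javadoc is still the template text; something like `Returns true if the user name is in the admin user set or one of the given group names is in the admin group set.` with both `@param` lines filled in would document the rule.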
diff --git a/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPConfig.java b/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPConfig.java
index e2431bed1f..bd914ade2c 100644
--- a/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPConfig.java
+++ b/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPConfig.java
@@ -274,7 +274,7 @@ public class LDAPConfig
 {
 if (token.trim().length() > 0)
 {
- tokens.add(token);
+ tokens.add(token.trim());
 }
 }
@@ -285,7 +285,7 @@ public class LDAPConfig
 /** Field description */
 @XmlElement(name = "admin-groups")
- private String adminGroups = "cn=scm-admin,cn=dev-admin";
+ private String adminGroups = "scm-admin,dev-admin";
 /** Field description */
 @XmlElement(name = "admin-nsrole-dn")
diff --git a/scm-webapp/pom.xml b/scm-webapp/pom.xml
index 7532bcff81..ba5a653123 100644
--- a/scm-webapp/pom.xml
+++ b/scm-webapp/pom.xml
@@ -233,6 +233,7 @@
 1.9
 1.0-beta-7
 3.0.2
+ Tomcat60
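Review bot: The new default `adminGroups = "scm-admin,dev-admin"` in the second LDAPConfig hunk means an installation that never sets `admin-groups` still maps directory groups with those names to admin. An empty default, `private String adminGroups = "";`, makes that mapping an explicit configuration step, and the tokenizer in the first hunk of this file already skips blank tokens. The field sits in a class whose start and end are outside the hunk, so confirm nothing else relies on the default being non-empty.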