Issue 13280: Allow ldap.accountPattern configuration

Currently ldap.accountPattern is hardcoded to
(&(objectClass=person)(uid=${username})). Making accountPattern
configurable gives the flexibility to change the query when the LDAP
tree differs from the default.

Feature: Issue 13280
Change-Id: I0cc24a69ce1a8564125f0de3713e9799755b5bb4
diff --git a/Configuration.md b/Configuration.md
index 9afdbb4..bfd73e1 100644
--- a/Configuration.md
+++ b/Configuration.md
@@ -86,6 +86,10 @@
   See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.accountBase)
 * `LDAP_GROUP_BASE`: Mandatory. Root of the tree containing all group objects
   See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.groupBase)
+* `LDAP_ACCOUNT_PATTERN`: Optional. Query pattern to use when searching for a user account. If parameters is
+   setup in setup.env configuration file, '$' needs to be escaped with '$$$$', for example (&(objectClass=person)(uid=$$$${username}))
+  See [Gerrit documentation](https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#ldap.accountPattern)
+  Default: (&(objectClass=person)(uid=$$$${username}))
 
 #### SMTP
 
diff --git a/dual-master/Makefile b/dual-master/Makefile
index a8d9113..85de91e 100644
--- a/dual-master/Makefile
+++ b/dual-master/Makefile
@@ -54,6 +54,9 @@
 ifdef GERRIT_MASTER1_INSTANCE_ID
 		$(eval MASTER1_SERVICE_OPTIONAL_PARAMS := $(MASTER1_SERVICE_OPTIONAL_PARAMS) ParameterKey=InstanceId,ParameterValue=$(GERRIT_MASTER1_INSTANCE_ID))
 endif
+ifdef LDAP_ACCOUNT_PATTERN
+		$(eval MASTER1_SERVICE_OPTIONAL_PARAMS := $(MASTER1_SERVICE_OPTIONAL_PARAMS) ParameterKey=LDAPAccountPattern,ParameterValue=\"$(LDAP_ACCOUNT_PATTERN)\")
+endif
 
 	$(AWS_FC_COMMAND) create-stack \
 		--stack-name $(SERVICE_MASTER1_STACK_NAME) \
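Review bot: The added `$(eval ...)` line splices `$(LDAP_ACCOUNT_PATTERN)` into the AWS CLI shorthand string `ParameterKey=...,ParameterValue=...` with only `\"` around it, so the value still passes through make expansion, shell expansion and shorthand parsing before CloudFormation sees it. A filter containing a comma (for example a DN inside a `memberOf=` clause), a double quote, a backtick or an unescaped `$` would presumably be split or rewritten, so the authentication filter that reaches Gerrit could differ from the one the operator wrote. I would at least add a comment above the `ifdef`, such as `# LDAP_ACCOUNT_PATTERN must not contain commas, double quotes or backticks; escape '$' as described in Configuration.md`, or pass the parameters as a JSON file instead of shorthand. The same line is added in the other two hunks of this file and in master-slave/Makefile and single-master/Makefile; the recipe that consumes the variable continues outside the hunk.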
@@ -99,6 +102,9 @@
 ifdef GERRIT_MASTER2_INSTANCE_ID
 		$(eval MASTER2_SERVICE_OPTIONAL_PARAMS := $(MASTER2_SERVICE_OPTIONAL_PARAMS) ParameterKey=InstanceId,ParameterValue=$(GERRIT_MASTER2_INSTANCE_ID))
 endif
+ifdef LDAP_ACCOUNT_PATTERN
+		$(eval MASTER2_SERVICE_OPTIONAL_PARAMS := $(MASTER2_SERVICE_OPTIONAL_PARAMS) ParameterKey=LDAPAccountPattern,ParameterValue=\"$(LDAP_ACCOUNT_PATTERN)\")
+endif
 
 	$(AWS_FC_COMMAND) create-stack \
 		--stack-name $(SERVICE_MASTER2_STACK_NAME) \
@@ -145,6 +151,9 @@
 ifdef GERRIT_SLAVE_INSTANCE_ID
 		$(eval SLAVE_SERVICE_OPTIONAL_PARAMS := $(SLAVE_SERVICE_OPTIONAL_PARAMS) ParameterKey=InstanceId,ParameterValue=$(GERRIT_SLAVE_INSTANCE_ID))
 endif
+ifdef LDAP_ACCOUNT_PATTERN
+		$(eval SLAVE_SERVICE_OPTIONAL_PARAMS := $(SLAVE_SERVICE_OPTIONAL_PARAMS) ParameterKey=LDAPAccountPattern,ParameterValue=\"$(LDAP_ACCOUNT_PATTERN)\")
+endif
 
 	$(AWS_FC_COMMAND) create-stack \
 		--stack-name $(SERVICE_SLAVE_STACK_NAME) \
diff --git a/dual-master/cf-service-master.yml b/dual-master/cf-service-master.yml
index b7277f0..5605d8d 100644
--- a/dual-master/cf-service-master.yml
+++ b/dual-master/cf-service-master.yml
@@ -151,6 +151,10 @@
   LDAPGroupBase:
       Description: Root of the tree containing all group objects
       Type: String
+  LDAPAccountPattern:
+      Description: Query pattern to use when searching for a user account
+      Type: String
+      Default: (&(objectClass=person)(uid=${username}))
   SMTPServer:
       Description: SMTP server URL
       Type: String
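Review bot: `LDAPAccountPattern` is declared as an unconstrained `Type: String`, so a stack can be created with a filter that no longer contains `${username}`, and nothing flags it before Gerrit uses it for account lookup. Because this filter decides which directory entry a login resolves to, I would add `AllowedPattern: '.*\$\{username\}.*'` with a `ConstraintDescription`, and extend the `Description` to say that the pattern must reference `${username}`. The same parameter is added unchanged in dual-master/cf-service-slave.yml, both master-slave templates and single-master/cf-service.yml. The Parameters section continues outside the hunk.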
@@ -272,6 +276,8 @@
                       Value: !Ref LDAPAccountBase
                     - Name: LDAP_GROUP_BASE
                       Value: !Ref LDAPGroupBase
+                    - Name: LDAP_ACCOUNT_PATTERN
+                      Value: !Ref LDAPAccountPattern
                     - Name: SMTP_SERVER
                       Value: !Ref SMTPServer
                     - Name: SMTP_SERVER_PORT
diff --git a/dual-master/cf-service-slave.yml b/dual-master/cf-service-slave.yml
index c8ce290..a68e916 100644
--- a/dual-master/cf-service-slave.yml
+++ b/dual-master/cf-service-slave.yml
@@ -133,6 +133,10 @@
   LDAPGroupBase:
       Description: Root of the tree containing all group objects
       Type: String
+  LDAPAccountPattern:
+      Description: Query pattern to use when searching for a user account
+      Type: String
+      Default: (&(objectClass=person)(uid=${username}))
   InstanceId:
     Description: Optional identifier for the Gerrit instance
     Type: String
@@ -231,6 +235,8 @@
                       Value: !Ref LDAPAccountBase
                     - Name: LDAP_GROUP_BASE
                       Value: !Ref LDAPGroupBase
+                    - Name: LDAP_ACCOUNT_PATTERN
+                      Value: !Ref LDAPAccountPattern
                     - Name: GERRIT_INSTANCE_ID
                       Value: !Ref InstanceId
                     - Name: METRICS_CLOUDWATCH_ENABLED
diff --git a/gerrit/etc/gerrit.config.template b/gerrit/etc/gerrit.config.template
index df1d045..772fa8c 100644
--- a/gerrit/etc/gerrit.config.template
+++ b/gerrit/etc/gerrit.config.template
@@ -21,7 +21,7 @@
   server = {{ LDAP_SERVER }}
   username = {{ LDAP_USERNAME }}
   accountBase = {{ LDAP_ACCOUNT_BASE }}
-  accountPattern = (&(objectClass=person)(uid=${username}))
+  accountPattern = {{ LDAP_ACCOUNT_PATTERN }}
   accountFullName = displayName
   accountEmailAddress = mail
   groupBase = {{ LDAP_GROUP_BASE }}
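Review bot: `accountPattern = {{ LDAP_ACCOUNT_PATTERN }}` writes an operator-supplied value unquoted into a git-config style file, where `#` and `;` start a comment and surrounding whitespace is trimmed. A filter that uses either character (attribute options such as `userCertificate;binary` do) would be silently truncated, leaving a broader or invalid account query than intended. Consider quoting the value, `accountPattern = "{{ LDAP_ACCOUNT_PATTERN }}"`, and noting in Configuration.md that `"` and `\` then need escaping. The enclosing config section starts and ends outside the hunk.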
diff --git a/gerrit/setup_gerrit.py b/gerrit/setup_gerrit.py
index 61654a0..18ce4fd 100755
--- a/gerrit/setup_gerrit.py
+++ b/gerrit/setup_gerrit.py
@@ -141,6 +141,7 @@
         'LDAP_USERNAME': os.getenv('LDAP_USERNAME'),
         'LDAP_ACCOUNT_BASE': os.getenv('LDAP_ACCOUNT_BASE'),
         'LDAP_GROUP_BASE': os.getenv('LDAP_GROUP_BASE'),
+        'LDAP_ACCOUNT_PATTERN': os.getenv('LDAP_ACCOUNT_PATTERN'),
         'SMTP_SERVER': os.getenv('SMTP_SERVER'),
         'SMTP_SERVER_PORT': os.getenv('SMTP_SERVER_PORT'),
         'SMTP_USER': os.getenv('SMTP_USER'),
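Review bot: `os.getenv('LDAP_ACCOUNT_PATTERN')` returns `None` when the variable is unset, and the template no longer carries the previously hardcoded filter, so the default now exists only in the CloudFormation templates. If the container is started any other way, the rendered config would presumably contain `accountPattern = None` (assuming the `{{ }}` template is rendered with Jinja2), and LDAP account lookup would fail or behave unexpectedly. Keeping the fallback in the script avoids that: `'LDAP_ACCOUNT_PATTERN': os.getenv('LDAP_ACCOUNT_PATTERN', '(&(objectClass=person)(uid=${username}))'),`. The dictionary this entry belongs to starts and ends outside the hunk.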
diff --git a/master-slave/Makefile b/master-slave/Makefile
index 1d6cbea..03e06c7 100644
--- a/master-slave/Makefile
+++ b/master-slave/Makefile
@@ -48,6 +48,9 @@
 ifdef GERRIT_MASTER_INSTANCE_ID
 		$(eval MASTER_SERVICE_OPTIONAL_PARAMS := $(MASTER_SERVICE_OPTIONAL_PARAMS) ParameterKey=InstanceId,ParameterValue=$(GERRIT_MASTER_INSTANCE_ID))
 endif
+ifdef LDAP_ACCOUNT_PATTERN
+		$(eval MASTER_SERVICE_OPTIONAL_PARAMS := $(MASTER_SERVICE_OPTIONAL_PARAMS) ParameterKey=LDAPAccountPattern,ParameterValue=\"$(LDAP_ACCOUNT_PATTERN)\")
+endif
 
 	$(AWS_FC_COMMAND) create-stack \
 		--stack-name $(SERVICE_MASTER_STACK_NAME) \
@@ -87,6 +90,9 @@
 ifdef GERRIT_SLAVE_INSTANCE_ID
 		$(eval SLAVE_SERVICE_OPTIONAL_PARAMS := $(SLAVE_SERVICE_OPTIONAL_PARAMS) ParameterKey=InstanceId,ParameterValue=$(GERRIT_SLAVE_INSTANCE_ID))
 endif
+ifdef LDAP_ACCOUNT_PATTERN
+		$(eval SLAVE_SERVICE_OPTIONAL_PARAMS := $(SLAVE_SERVICE_OPTIONAL_PARAMS) ParameterKey=LDAPAccountPattern,ParameterValue=\"$(LDAP_ACCOUNT_PATTERN)\")
+endif
 
 	$(AWS_FC_COMMAND) create-stack \
 		--stack-name $(SERVICE_SLAVE_STACK_NAME) \
diff --git a/master-slave/cf-service-master.yml b/master-slave/cf-service-master.yml
index 6f9050f..f1e7e95 100644
--- a/master-slave/cf-service-master.yml
+++ b/master-slave/cf-service-master.yml
@@ -126,6 +126,10 @@
   LDAPGroupBase:
       Description: Root of the tree containing all group objects
       Type: String
+  LDAPAccountPattern:
+      Description: Query pattern to use when searching for a user account
+      Type: String
+      Default: (&(objectClass=person)(uid=${username}))
   SMTPServer:
       Description: SMTP server URL
       Type: String
@@ -239,6 +243,8 @@
                       Value: !Ref LDAPAccountBase
                     - Name: LDAP_GROUP_BASE
                       Value: !Ref LDAPGroupBase
+                    - Name: LDAP_ACCOUNT_PATTERN
+                      Value: !Ref LDAPAccountPattern
                     - Name: SMTP_SERVER
                       Value: !Ref SMTPServer
                     - Name: SMTP_SERVER_PORT
diff --git a/master-slave/cf-service-slave.yml b/master-slave/cf-service-slave.yml
index 6afa666..6449b5a 100644
--- a/master-slave/cf-service-slave.yml
+++ b/master-slave/cf-service-slave.yml
@@ -138,6 +138,10 @@
   LDAPGroupBase:
       Description: Root of the tree containing all group objects
       Type: String
+  LDAPAccountPattern:
+      Description: Query pattern to use when searching for a user account
+      Type: String
+      Default: (&(objectClass=person)(uid=${username}))
   InstanceId:
     Description: Optional identifier for the Gerrit instance
     Type: String
@@ -236,6 +240,8 @@
                       Value: !Ref LDAPAccountBase
                     - Name: LDAP_GROUP_BASE
                       Value: !Ref LDAPGroupBase
+                    - Name: LDAP_ACCOUNT_PATTERN
+                      Value: !Ref LDAPAccountPattern
                     - Name: GERRIT_INSTANCE_ID
                       Value: !Ref InstanceId
                     - Name: METRICS_CLOUDWATCH_ENABLED
diff --git a/single-master/Makefile b/single-master/Makefile
index 9fd0ebf..e939129 100644
--- a/single-master/Makefile
+++ b/single-master/Makefile
@@ -44,6 +44,9 @@
 ifdef GERRIT_INSTANCE_ID
 		$(eval SERVICE_OPTIONAL_PARAMS := $(SERVICE_OPTIONAL_PARAMS) ParameterKey=InstanceId,ParameterValue=$(GERRIT_INSTANCE_ID))
 endif
+ifdef LDAP_ACCOUNT_PATTERN
+		$(eval SERVICE_OPTIONAL_PARAMS := $(SERVICE_OPTIONAL_PARAMS) ParameterKey=LDAPAccountPattern,ParameterValue=\"$(LDAP_ACCOUNT_PATTERN)\")
+endif
 
 	$(AWS_FC_COMMAND) create-stack \
 		--stack-name $(SERVICE_STACK_NAME) \
diff --git a/single-master/cf-service.yml b/single-master/cf-service.yml
index 9c80353..99cab14 100644
--- a/single-master/cf-service.yml
+++ b/single-master/cf-service.yml
@@ -108,6 +108,10 @@
   LDAPGroupBase:
       Description: Root of the tree containing all group objects
       Type: String
+  LDAPAccountPattern:
+      Description: Query pattern to use when searching for a user account
+      Type: String
+      Default: (&(objectClass=person)(uid=${username}))
   SMTPServer:
       Description: SMTP server URL
       Type: String
@@ -219,6 +223,8 @@
                       Value: !Ref LDAPUsername
                     - Name: LDAP_ACCOUNT_BASE
                       Value: !Ref LDAPAccountBase
+                    - Name: LDAP_ACCOUNT_PATTERN
+                      Value: !Ref LDAPAccountPattern
                     - Name: LDAP_GROUP_BASE
                       Value: !Ref LDAPGroupBase
                     - Name: SMTP_SERVER