| commit | bfb522f79240f4baf3398952998bded95a804af2 | [log] [tgz] |
|---|---|---|
| author | Antonio Barone <syntonyze@gmail.com> | Tue Dec 09 12:42:11 2025 +0100 |
| committer | Antonio Barone <syntonyze@gmail.com> | Wed Dec 10 15:43:31 2025 +0100 |
| tree | 522aec574663fcab8bf28368ab1a7ab45001e66f | |
| parent | dc2b67185694c220a95525b6aeb717e663075e3c [diff] |
Use LDAP username in HTTP URLs when gitBasicAuthPolicy=LDAP When Gerrit is configured with `gitBasicAuthPolicy = LDAP`, Git-over-HTTP authentication is performed directly against the LDAP backend. In this mode, the LDAP login name (not the Gerrit username) is the credential that must be used for HTTP BasicAuth to succeed. However, the download-commands plugin previously embedded the Gerrit username in generated HTTP clone URLs, regardless of authentication policy. This change updates `HttpScheme` to select the LDAP login name (the `gerrit:` external ID) whenever `gitBasicAuthPolicy` is set to `LDAP`. If no LDAP username exists, or LDAP authentication is not active, the existing behavior is preserved and the Gerrit username continues to be used. This ensures that download commands always embed a username that can actually authenticate under the configured Git-over-HTTP authentication policy. Bug: Issue 466122136 Change-Id: I267b9ca01045056e540bd928d649321bb6c9ddc1
All documentation may be found under src/main/resources/Documentation/.