Add inhibitInferRootDN to LDAP module. This allows rootDN to be blank, import for some broken AD servers accessed via LDAP.

Originally-Committed-As: 9d43b581fd6a5c3f8585503a1bc464db720da8e0

core/src/main/java/hudson/security/LDAPSecurityRealm.java

@@ -222,6 +222,12 @@ public class LDAPSecurityRealm extends AbstractPasswordBasedSecurityRealm {
      */
     public final String rootDN;
 
+    /**
+     * Allow the rootDN to be inferred? Default is false.
+     * If true, allow rootDN to be blank.
+     */
+    public final boolean inhibitInferRootDN;
+
     /**
      * Specifies the relative DN from {@link #rootDN the root DN}.
      * This is used to narrow down the search space when doing user search.
@@ -281,11 +287,12 @@ public class LDAPSecurityRealm extends AbstractPasswordBasedSecurityRealm {
     private transient LdapTemplate ldapTemplate;
 
     @DataBoundConstructor
-    public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword) {
+    public LDAPSecurityRealm(String server, String rootDN, String userSearchBase, String userSearch, String groupSearchBase, String managerDN, String managerPassword, boolean inhibitInferRootDN) {
         this.server = server.trim();
         this.managerDN = fixEmpty(managerDN);
         this.managerPassword = Scrambler.scramble(fixEmpty(managerPassword));
-        if(fixEmptyAndTrim(rootDN)==null)    rootDN= fixNull(inferRootDN(server));
+        this.inhibitInferRootDN = inhibitInferRootDN;
+        if(!inhibitInferRootDN && fixEmptyAndTrim(rootDN)==null) rootDN= fixNull(inferRootDN(server));
         this.rootDN = rootDN.trim();
         this.userSearchBase = fixNull(userSearchBase).trim();
         userSearch = fixEmptyAndTrim(userSearch);

core/src/main/resources/hudson/security/LDAPSecurityRealm/config.jelly

@@ -31,6 +31,8 @@ THE SOFTWARE.
   <f:advanced>
     <f:entry title="${%root DN}" help="/help/security/ldap/rootDN.html">
       <f:textbox name="ldap.rootDN" value="${instance.rootDN}" />
+      <f:checkbox name="ldap.inhibitInferRootDN" checked="${instance.inhibitInferRootDN}"
+        title="${%Allow blank rootDN}"/>
     </f:entry>
     <f:entry title="${%User search base}" help="/help/security/ldap/userSearchBase.html">
       <f:textbox name="ldap.userSearchBase" value="${instance.userSearchBase}" />

test/src/test/groovy/hudson/security/LDAPSecurityRealmTest.groovy

@@ -42,7 +42,7 @@ public class LDAPSecurityRealmTest extends HudsonTestCase {
      * basic syntax errors and such.
      */
     void testGroovyBeanDef() {
-        hudson.securityRealm = new LDAPSecurityRealm("ldap.itd.umich.edu",null,null,null,null,null,null);
+        hudson.securityRealm = new LDAPSecurityRealm("ldap.itd.umich.edu",null,null,null,null,null,null,null);
         println hudson.securityRealm.securityComponents // force the component creation
     }
 
@@ -65,4 +65,4 @@ public class LDAPSecurityRealmTest extends HudsonTestCase {
         assertSame(d1.attributes,d3.attributes);
         assertNotSame(d1.attributes,d2.attributes);
     }
-}
+}