From bbcdae89b42d65765552ee8c0d1c90aa23e3c985 Mon Sep 17 00:00:00 2001
From: kohsuke <kohsuke@71c3de6d-444a-0410-be80-ed276b4c234a>
Date: Thu, 29 Jan 2009 17:29:26 +0000
Subject: [PATCH] DeferredCreationLdapAuthoritiesPopulator is no longer
 necessary because filters are now created after SecurityRealm is prepared.

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@14872 71c3de6d-444a-0410-be80-ed276b4c234a

Originally-Committed-As: 3beed588ad53269bf8f32e49ff84eed8572093f5
---
 .../main/java/hudson/security/LDAPSecurityRealm.java   | 10 ----------
 .../WEB-INF/security/LDAPBindSecurityRealm.groovy      |  8 +++++---
 2 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/core/src/main/java/hudson/security/LDAPSecurityRealm.java b/core/src/main/java/hudson/security/LDAPSecurityRealm.java
index c8b6375..52715b7 100644
--- a/core/src/main/java/hudson/security/LDAPSecurityRealm.java
+++ b/core/src/main/java/hudson/security/LDAPSecurityRealm.java
@@ -176,7 +176,6 @@ public class LDAPSecurityRealm extends SecurityRealm {
         BeanBuilder builder = new BeanBuilder();
         builder.parse(Hudson.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/LDAPBindSecurityRealm.groovy"),binding);
         final WebApplicationContext appContext = builder.createApplicationContext();
-        correctAuthoritiesPopulator(appContext);
 
         return new SecurityComponents(
             findBean(AuthenticationManager.class, appContext),
@@ -193,15 +192,6 @@ public class LDAPSecurityRealm extends SecurityRealm {
             });
     }
 
-    /**
-     * Adjust the authoritiesPopulator bean to have the correct groupSearchBase
-     * @param appContext 
-     */
-    private void correctAuthoritiesPopulator(WebApplicationContext appContext) {
-        DeferredCreationLdapAuthoritiesPopulator factory = (DeferredCreationLdapAuthoritiesPopulator) appContext.getBean("authoritiesPopulator");
-        factory.setGroupSearchBase(groupSearchBase==null ? "" : groupSearchBase);
-    }
-    
     /**
      * If the security realm is LDAP, try to pick up e-mail address from LDAP.
      */
diff --git a/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy b/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
index ec791fe..a350865 100644
--- a/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
+++ b/war/resources/WEB-INF/security/LDAPBindSecurityRealm.groovy
@@ -6,7 +6,8 @@ import org.acegisecurity.ldap.DefaultInitialDirContextFactory
 import org.acegisecurity.ldap.search.FilterBasedLdapUserSearch
 import org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider
 import hudson.model.Hudson
-import hudson.security.DeferredCreationLdapAuthoritiesPopulator
+import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
+import hudson.Util
 
 /*
     Configure LDAP as the authentication realm.
@@ -35,8 +36,9 @@ bindAuthenticator(BindAuthenticator2,initialDirContextFactory) {
     userSearch = ldapUserSearch;
 }
 
-authoritiesPopulator(DeferredCreationLdapAuthoritiesPopulator,initialDirContextFactory,"") {
-  // groupRoleAttribute = "ou";
+authoritiesPopulator(DefaultLdapAuthoritiesPopulator, initialDirContextFactory, Util.fixNull(instance.groupSearchBase)) {
+    // see DefaultLdapAuthoritiesPopulator for other possible configurations
+    searchSubtree = true;
 }
 
 authenticationManager(ProviderManager) {