(ticket-537) user bindUser for group detection

src/main/java/com/gitblit/auth/LdapAuthProvider.java

@@ -321,7 +321,6 @@ public UserModel authenticate(String username, char[] password) {
 				if (result != null && result.getEntryCount() == 1) {
 					SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
 					String loggingInUserDN = loggingInUser.getDN();
-
 					if (alreadyAuthenticated || isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
 						logger.debug("LDAP authenticated: " + username);
 
@@ -438,7 +437,6 @@ private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {
 
 	private void getTeamsFromLdap(LDAPConnection ldapConnection, String simpleUsername, SearchResultEntry loggingInUser, UserModel user) {
 		String loggingInUserDN = loggingInUser.getDN();
-
 		// Clear the users team memberships - we're going to get them from LDAP
 		user.teams.clear();
 
@@ -533,13 +531,22 @@ private SearchResult doSearch(LDAPConnection ldapConnection, String base, boolea
 	}
 
 	private boolean isAuthenticated(LDAPConnection ldapConnection, String userDn, String password) {
+	  LDAPConnection authldapConnection = getLdapConnection();
 		try {
-			// Binding will stop any LDAP-Injection Attacks since the searched-for user needs to bind to that DN
-			ldapConnection.bind(userDn, password);
+			if (settings.getBoolean(Keys.realm.ldap.groupQueryWithUser, false)
+					&& !StringUtils.isEmpty(settings.getString(Keys.realm.ldap.username, "")) ) {
+				// bind authConnection to user 
+				authldapConnection.bind(userDn, password);
+			} else {
+				// Binding will stop any LDAP-Injection Attacks since the searched-for user needs to bind to that DN
+				ldapConnection.bind(userDn, password);
+			}
 			return true;
 		} catch (LDAPException e) {
 			logger.error("Error authenticating user", e);
 			return false;
+		} finally {
+		  authldapConnection.close();
 		}
 	}