Rather than depending on ldap, bundle acegi-security directly, thus i…

…nsulated from a release of jenkinsci/ldap-plugin#49

pom.xml

@@ -52,10 +52,59 @@
             <artifactId>jenkins-core</artifactId>
             <version>${jenkins.version}</version>
         </dependency>
+        <dependency> <!-- for compatibility with https://github.com/jenkinsci/jenkins/pull/4848 -->
+            <groupId>org.acegisecurity</groupId>
+            <artifactId>acegi-security</artifactId>
+            <version>1.0.7</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-codec</groupId>
+                    <artifactId>commons-codec</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-collections</groupId>
+                    <artifactId>commons-collections</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-lang</groupId>
+                    <artifactId>commons-lang</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-jdbc</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-remoting</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-support</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <dependency>
-            <groupId>org.jenkins-ci.plugins</groupId>
-            <artifactId>ldap</artifactId>
-            <version>1.26</version>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-dao</artifactId>
+            <version>1.2.9</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-beans</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-context</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.springframework</groupId>
+                    <artifactId>spring-core</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>

src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator2.java

@@ -0,0 +1,62 @@
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package org.acegisecurity.providers.ldap.authenticator;
+
+import org.acegisecurity.ldap.InitialDirContextFactory;
+import org.acegisecurity.userdetails.ldap.LdapUserDetails;
+
+import java.util.logging.Logger;
+import java.util.logging.Level;
+
+/**
+ * {@link BindAuthenticator} with improved diagnostics.
+ *
+ * @author Kohsuke Kawaguchi
+ */
+public class BindAuthenticator2 extends BindAuthenticator {
+    /**
+     * If we ever had a successful authentication,
+     */
+    private boolean hadSuccessfulAuthentication;
+
+    public BindAuthenticator2(InitialDirContextFactory initialDirContextFactory) {
+        super(initialDirContextFactory);
+    }
+
+    @Override
+    public LdapUserDetails authenticate(String username, String password) {
+        LdapUserDetails user = super.authenticate(username, password);
+        hadSuccessfulAuthentication = true;
+        return user;
+    }
+
+    @Override
+    void handleBindException(String userDn, String username, Throwable cause) {
+        LOGGER.log(hadSuccessfulAuthentication? Level.FINE : Level.WARNING,
+            "Failed to bind to LDAP: userDn"+userDn+"  username="+username,cause);
+        super.handleBindException(userDn, username, cause);
+    }
+
+    private static final Logger LOGGER = Logger.getLogger(BindAuthenticator2.class.getName());
+}

src/main/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.java

@@ -123,7 +123,7 @@ public class ReverseProxySecurityRealm extends SecurityRealm {
 	 * WANTED: The specification of the syntax.
 	 */
 	@SuppressFBWarnings(value = "MS_SHOULD_BE_FINAL", justification = "May be used in system groovy scripts")
-	public static String GROUP_SEARCH = System.getProperty(LDAPSecurityRealm.class.getName()+".groupSearch",
+	public static String GROUP_SEARCH = System.getProperty("hudson.security.LDAPSecurityRealm.groupSearch",
 			"(& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup)))");
 
 	/**