SEC-963: LDAP Group Search Root

http://jira.springframework.org/browse/SEC-963. Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.

core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java

@@ -23,7 +23,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
     public static final String ATT_GROUP_SEARCH_BASE = "group-search-base";
     public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
     public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})";
-    public static final String DEF_GROUP_SEARCH_BASE = "ou=groups";
+    public static final String DEF_GROUP_SEARCH_BASE = "";
 
     static final String ATT_ROLE_PREFIX = "role-prefix";
     static final String ATT_USER_CLASS = "user-details-class";
@@ -94,14 +94,14 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
     }
 
     static RootBeanDefinition parseUserDetailsClass(Element elt, ParserContext parserContext) {
-    	String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
+        String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
 
-    	if (OPT_PERSON.equals(userDetailsClass)) {
+        if (OPT_PERSON.equals(userDetailsClass)) {
-    		return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
+            return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
-    	} else if (OPT_INETORGPERSON.equals(userDetailsClass)) {
+        } else if (OPT_INETORGPERSON.equals(userDetailsClass)) {
-    		return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
+            return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
-    	}
+        }
-    	return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
+        return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
     }
 
     static RootBeanDefinition parseAuthoritiesPopulator(Element elt, ParserContext parserContext) {

core/src/main/resources/org/springframework/security/config/spring-security-2.0.4.rnc

@@ -89,7 +89,7 @@ group-search-filter-attribute =
     ## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.
     attribute group-search-filter {xsd:string}
 group-search-base-attribute = 
-    ## Search base for group membership searches. Defaults to "ou=groups".
+    ## Search base for group membership searches. Defaults to "" (searching from the root).
     attribute group-search-base {xsd:string}
 user-search-filter-attribute =
     ## The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.

core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd

@@ -222,7 +222,7 @@
     <xs:attribute name="group-search-base" use="required" type="xs:string">
       <xs:annotation>
         <xs:documentation>Search base for group membership searches. Defaults to
-        "ou=groups".</xs:documentation>
+          "" (searching from the root).</xs:documentation>
       </xs:annotation>
     </xs:attribute>
   </xs:attributeGroup>