SEC-963: LDAP Group Search Root

http://jira.springframework.org/browse/SEC-963. Changed namespace instances of DefaultAuthoritiesPopulator to use the root as the default search location.

core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java

@@ -23,7 +23,7 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
     public static final String ATT_GROUP_SEARCH_BASE = "group-search-base";
     public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
     public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})";
-    public static final String DEF_GROUP_SEARCH_BASE = "ou=groups";
+    public static final String DEF_GROUP_SEARCH_BASE = "";
 
     static final String ATT_ROLE_PREFIX = "role-prefix";
     static final String ATT_USER_CLASS = "user-details-class";

core/src/main/resources/org/springframework/security/config/spring-security-2.0.4.rnc

@@ -89,7 +89,7 @@ group-search-filter-attribute =
     ## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.
     attribute group-search-filter {xsd:string}
 group-search-base-attribute = 
-    ## Search base for group membership searches. Defaults to "ou=groups".
+    ## Search base for group membership searches. Defaults to "" (searching from the root).
     attribute group-search-base {xsd:string}
 user-search-filter-attribute =
     ## The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.

core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd

@@ -222,7 +222,7 @@
     <xs:attribute name="group-search-base" use="required" type="xs:string">
       <xs:annotation>
         <xs:documentation>Search base for group membership searches. Defaults to
-        "ou=groups".</xs:documentation>
+          "" (searching from the root).</xs:documentation>
       </xs:annotation>
     </xs:attribute>
   </xs:attributeGroup>