LDAP: Allow optional filtering of allowed users

author: Raphael Michel <mail@raphaelmichel.de> 2018-07-22 12:23:49 +0200
committer: Raphael Michel <mail@raphaelmichel.de> 2018-07-23 09:11:55 +0200
commit: fef3ac527c398d179de57361bf27476c504cc061 (patch)
tree: 9076229158b18a7e5a05610abd2701bbc268c2ff /application/libraries
parent: f494eee4a3f9b0eb09f6f9d46fb2e6be40a116e6 (diff)
1 files changed, 10 insertions, 3 deletions
diff --git a/application/libraries/Duser/drivers/Duser_ldap.php b/application/libraries/Duser/drivers/Duser_ldap.php
index f30257364..9481397d0 100644
--- a/application/libraries/Duser/drivers/Duser_ldap.php
+++ b/application/libraries/Duser/drivers/Duser_ldap.php
@@ -30,15 +30,22 @@ class Duser_ldap extends Duser_Driver {
 			ldap_bind($ds, $config['bind_rdn'], $config['bind_password']);
 		}
 		
+		if (isset($config['filter'])) {
+			$filter = sprintf($config['filter'], $username);
+		} else {
+			$filter = $config["username_field"].'='.$username;
+		}
+
+		
 		switch ($config["scope"]) {
 			case "base":
-				$r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username);
+				$r = ldap_read($ds, $config['basedn'], $filter);
 				break;
 			case "one":
-				$r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username);
+				$r = ldap_list($ds, $config['basedn'], $filter);
 				break;
 			case "subtree":
-				$r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username);
+				$r = ldap_search($ds, $config['basedn'], $filter);
 				break;
 			default:
 				throw new \exceptions\ApiException("libraries/duser/ldap/invalid-ldap-scope", "Invalid LDAP scope");
author	Raphael Michel <mail@raphaelmichel.de>	2018-07-22 12:23:49 +0200
committer	Raphael Michel <mail@raphaelmichel.de>	2018-07-23 09:11:55 +0200
commit	fef3ac527c398d179de57361bf27476c504cc061 (patch)
tree	9076229158b18a7e5a05610abd2701bbc268c2ff /application/libraries
parent	f494eee4a3f9b0eb09f6f9d46fb2e6be40a116e6 (diff)