From fef3ac527c398d179de57361bf27476c504cc061 Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Sun, 22 Jul 2018 12:23:49 +0200 Subject: LDAP: Allow optional filtering of allowed users --- application/libraries/Duser/drivers/Duser_ldap.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'application/libraries') diff --git a/application/libraries/Duser/drivers/Duser_ldap.php b/application/libraries/Duser/drivers/Duser_ldap.php index f30257364..9481397d0 100644 --- a/application/libraries/Duser/drivers/Duser_ldap.php +++ b/application/libraries/Duser/drivers/Duser_ldap.php @@ -30,15 +30,22 @@ class Duser_ldap extends Duser_Driver { ldap_bind($ds, $config['bind_rdn'], $config['bind_password']); } + if (isset($config['filter'])) { + $filter = sprintf($config['filter'], $username); + } else { + $filter = $config["username_field"].'='.$username; + } + + switch ($config["scope"]) { case "base": - $r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username); + $r = ldap_read($ds, $config['basedn'], $filter); break; case "one": - $r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username); + $r = ldap_list($ds, $config['basedn'], $filter); break; case "subtree": - $r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username); + $r = ldap_search($ds, $config['basedn'], $filter); break; default: throw new \exceptions\ApiException("libraries/duser/ldap/invalid-ldap-scope", "Invalid LDAP scope"); -- cgit v1.2.3-24-g4f1b