mirror/ssh-key-authority
1
0
Fork 0
mirror of https://github.com/operasoftware/ssh-key-authority.git synced 2025-12-17 02:14:14 -06:00
Code Issues Packages Projects Releases Wiki Activity

Also add group_filter attribute for separating groups from other entities

Browse Source
This commit is contained in:
Thomas Pike
2021-11-07 15:51:17 +01:00
parent 601d39d2d5
commit 3d1c5c097f
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/config-sample.ini
View File

@@ -94,6 +94,9 @@ dn_user = "ou=users,dc=example,dc=com"
dn_group = "ou=groups,dc=example,dc=com"
; (Optional) filter for matching user objects
;user_filter = "(objectClass=inetOrgPerson)"
; (Optional) filter for matching group objects
;group_filter = "(objectClass=posixGroup)"
; Set to 1 if the LDAP library should process referrals. In most cases this
; is not needed, and for AD servers it can cause errors when querying the
; whole tree.

7
model/user.php
View File

@@ -313,6 +313,11 @@ class User extends Entity {
} else {
$user_filter = '';
}
if(isset($config['ldap']['group_filter'])) {
$group_filter = $config['ldap']['group_filter'];
} else {
$group_filter = '';
}
$ldapusers = $this->ldap->search($config['ldap']['dn_user'], '(&('.LDAP::escape($config['ldap']['user_id']).'='.LDAP::escape($this->uid).')'.$user_filter.')', array_keys(array_flip($attributes)));
if($ldapuser = reset($ldapusers)) {
$this->auth_realm = 'LDAP';
@@ -330,7 +335,7 @@ class User extends Entity {
$this->active = 1;
}
$group_member = $ldapuser[strtolower($config['ldap']['group_member_value'])];
$ldapgroups = $this->ldap->search($config['ldap']['dn_group'], LDAP::escape($config['ldap']['group_member']).'='.LDAP::escape($group_member), array('cn'));
$ldapgroups = $this->ldap->search($config['ldap']['dn_group'], '(&('.LDAP::escape($config['ldap']['group_member']).'='.LDAP::escape($group_member).')'.$group_filter.')', array('cn'));
$memberships = array();
foreach($ldapgroups as $ldapgroup) {
$memberships[$ldapgroup['cn']] = true;