mirror/ssh-key-authority
1
0
Fork 0
mirror of https://github.com/operasoftware/ssh-key-authority.git synced 2025-12-19 03:10:18 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add user_filter attribute for separating users from other entities (eg. groups)

Browse Source 
Resolves: #60
This commit is contained in:
Thomas Pike
2021-11-07 15:36:30 +01:00
parent 17880542d1
commit 601d39d2d5
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/config-sample.ini
View File

@@ -92,6 +92,8 @@ starttls = 0
dn_user = "ou=users,dc=example,dc=com"
; LDAP subtree containing GROUP entries
dn_group = "ou=groups,dc=example,dc=com"
; (Optional) filter for matching user objects
;user_filter = "(objectClass=inetOrgPerson)"
; Set to 1 if the LDAP library should process referrals. In most cases this
; is not needed, and for AD servers it can cause errors when querying the
; whole tree.

7
model/user.php
View File

@@ -308,7 +308,12 @@ class User extends Entity {
if(isset($config['ldap']['user_active'])) {
$attributes[] = $config['ldap']['user_active'];
}
$ldapusers = $this->ldap->search($config['ldap']['dn_user'], LDAP::escape($config['ldap']['user_id']).'='.LDAP::escape($this->uid), array_keys(array_flip($attributes)));
if(isset($config['ldap']['user_filter'])) {
$user_filter = $config['ldap']['user_filter'];
} else {
$user_filter = '';
}
$ldapusers = $this->ldap->search($config['ldap']['dn_user'], '(&('.LDAP::escape($config['ldap']['user_id']).'='.LDAP::escape($this->uid).')'.$user_filter.')', array_keys(array_flip($attributes)));
if($ldapuser = reset($ldapusers)) {
$this->auth_realm = 'LDAP';
$this->uid = $ldapuser[strtolower($config['ldap']['user_id'])];