* ActiveDirectory: implement addtional user or group filter

This commit is contained in:
Ralf Becker 2020-09-02 13:56:35 +02:00
parent 210c54b689
commit c3000beb5f
3 changed files with 48 additions and 17 deletions


@ -1017,6 +1017,41 @@ class Ads
return 0;
}
/**
* Get LDAP filter for user, groups or both
*
* @param string|null $account_type u = user, g = group, default null = try both
* @return string string with LDAP filter
*/
public function type_filter($account_type=null)
{
switch ($account_type)
{
default: // user or groups
case 'u':
$type_filter = '(samaccounttype=' . adLDAP::ADLDAP_NORMAL_ACCOUNT . ')';
if (!empty($this->frontend->config['ads_user_filter']))
{
$type_filter = '(&' . $type_filter . $this->frontend->config['ads_user_filter'] . ')';
}
if ($account_type === 'u') break;
$user_filter = $type_filter;
// fall through
case 'g':
$type_filter = '(|(samaccounttype=' . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP .
')(samaccounttype=' . adLDAP::ADLDAP_SECURITY_LOCAL_GROUP . '))';
if (!empty($this->frontend->config['ads_group_filter']))
{
$type_filter = '(&' . $type_filter . $this->frontend->config['ads_group_filter'] . ')';
}
if ($account_type === 'g') break;
// user or groups
$type_filter = '(|' . $user_filter . $type_filter . ')';
break;
}
return $type_filter;
}
/**
* Query ADS by (optional) filter and (optional) account-type filter
*
@ -1030,24 +1065,9 @@ class Ads
*/
protected function filter($attr_filter, $account_type=null, array $attrs=null, array $accounts=array())
{
switch($account_type)
{
case 'u':
$type_filter = '(samaccounttype='.adLDAP::ADLDAP_NORMAL_ACCOUNT.')';
break;
case 'g':
$type_filter = '(|(samaccounttype='.adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP.
')(samaccounttype='.adLDAP::ADLDAP_SECURITY_LOCAL_GROUP.'))';
break;
default:
$type_filter = '(|(samaccounttype='.adLDAP::ADLDAP_NORMAL_ACCOUNT.
')(samaccounttype='.adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP.
')(samaccounttype='.adLDAP::ADLDAP_SECURITY_LOCAL_GROUP.'))';
break;
}
if (!$attr_filter)
{
$filter = $type_filter;
$filter = $this->type_filter($account_type);
}
else
{
@ -1063,7 +1083,7 @@ class Ads
$filter .= '('.$attr.'='.$this->adldap->utilities()->ldapSlashes($value).')';
}
}
$filter .= $type_filter.')';
$filter .= $this->type_filter($account_type).')';
}
$sri = ldap_search($ds=$this->ldap_connection(), $context=$this->ads_context(), $filter,
$attrs ? $attrs : self::$default_attributes);
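Review bot: In the first hunk, `type_filter()` splices `config['ads_user_filter']` (L29) and `config['ads_group_filter']` (L39) verbatim into an `(&...)` expression, so a setup value that is not a complete parenthesised filter — `samaccountname=*` without parentheses, or an unbalanced one — yields a syntactically invalid filter, and every `ldap_search()` issued by `filter()` (L84) then fails, far away from the setup page where the value was entered. Consider normalising the setting before use, e.g. `$extra = trim($this->frontend->config['ads_user_filter']);` and `if ($extra !== '') $type_filter = '(&' . $type_filter . ($extra[0] === '(' ? $extra : "($extra)") . ')';`, and doing the same for the group filter; a small private helper would also remove the duplicated three-line pattern. The docblock should state the contract either way: `* ads_user_filter / ads_group_filter from setup must be complete, parenthesised LDAP filter expressions; they are AND-ed with the type filter without validation.` The `default:` label placed before `case 'u':` relies on a double fall-through to build the combined filter, which reads as a mistake at first glance; a comment on L24 such as `// null/unknown type: build the user filter, fall through to the group filter, then OR both` would make the intent explicit.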


@ -102,6 +102,9 @@ class Ads extends Ldap
//$this->sharedContactsDN = 'ou=shared,ou=contacts,'. $this->ldap_config['ldap_contact_context'];
$this->allContactsDN = $this->accountContactsDN = $this->accounts_ads->ads_context();
// get filter for accounts (incl. additional filter from setup)
$this->accountsFilter = $this->accounts_ads->type_filter('u');
if ($ds)
{
$this->ds = $ds;


@ -411,6 +411,14 @@
</td>
<td><input name="newsettings[ads_context]" value="{value_ads_context}" size="80" /></td>
</tr>
<tr class="row_off">
<td>{lang_Additional_user_filter_(optional)}:</td>
<td><input name="newsettings[ads_user_filter]" value="{value_ads_user_filter}" size="80" /></td>
</tr>
<tr class="row_on">
<td>{lang_Additional_group_filter_(optional)}:</td>
<td><input name="newsettings[ads_group_filter]" value="{value_ads_group_filter}" size="80" /></td>
</tr>
<tr class="row_off">
<td><b>{lang_Attributes_for_new_users}</b><br/></td>
<td>{lang_use_%u_for_username,_leave_empty_to_no_set}</td>
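Review bot: The two new inputs for `ads_user_filter` and `ads_group_filter` take a raw LDAP filter but give the administrator no hint about the required format, and the value is consumed by the account backend without validation, so a value entered without enclosing parentheses silently breaks all account lookups. Suggest adding a hint under each label, e.g. `{lang_complete_LDAP_filter_in_parentheses,_e.g._(memberOf=...)}`, or a `placeholder` attribute on each input, so the constraint is visible at the point of entry.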