mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-25 09:23:28 +01:00
* ActiveDirectory: implement addtional user or group filter
This commit is contained in:
parent
210c54b689
commit
c3000beb5f
@ -1017,6 +1017,41 @@ class Ads
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get LDAP filter for user, groups or both
|
||||||
|
*
|
||||||
|
* @param string|null $account_type u = user, g = group, default null = try both
|
||||||
|
* @return string string with LDAP filter
|
||||||
|
*/
|
||||||
|
public function type_filter($account_type=null)
|
||||||
|
{
|
||||||
|
switch ($account_type)
|
||||||
|
{
|
||||||
|
default: // user or groups
|
||||||
|
case 'u':
|
||||||
|
$type_filter = '(samaccounttype=' . adLDAP::ADLDAP_NORMAL_ACCOUNT . ')';
|
||||||
|
if (!empty($this->frontend->config['ads_user_filter']))
|
||||||
|
{
|
||||||
|
$type_filter = '(&' . $type_filter . $this->frontend->config['ads_user_filter'] . ')';
|
||||||
|
}
|
||||||
|
if ($account_type === 'u') break;
|
||||||
|
$user_filter = $type_filter;
|
||||||
|
// fall through
|
||||||
|
case 'g':
|
||||||
|
$type_filter = '(|(samaccounttype=' . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP .
|
||||||
|
')(samaccounttype=' . adLDAP::ADLDAP_SECURITY_LOCAL_GROUP . '))';
|
||||||
|
if (!empty($this->frontend->config['ads_group_filter']))
|
||||||
|
{
|
||||||
|
$type_filter = '(&' . $type_filter . $this->frontend->config['ads_group_filter'] . ')';
|
||||||
|
}
|
||||||
|
if ($account_type === 'g') break;
|
||||||
|
// user or groups
|
||||||
|
$type_filter = '(|' . $user_filter . $type_filter . ')';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return $type_filter;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Query ADS by (optional) filter and (optional) account-type filter
|
* Query ADS by (optional) filter and (optional) account-type filter
|
||||||
*
|
*
|
||||||
@ -1030,24 +1065,9 @@ class Ads
|
|||||||
*/
|
*/
|
||||||
protected function filter($attr_filter, $account_type=null, array $attrs=null, array $accounts=array())
|
protected function filter($attr_filter, $account_type=null, array $attrs=null, array $accounts=array())
|
||||||
{
|
{
|
||||||
switch($account_type)
|
|
||||||
{
|
|
||||||
case 'u':
|
|
||||||
$type_filter = '(samaccounttype='.adLDAP::ADLDAP_NORMAL_ACCOUNT.')';
|
|
||||||
break;
|
|
||||||
case 'g':
|
|
||||||
$type_filter = '(|(samaccounttype='.adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP.
|
|
||||||
')(samaccounttype='.adLDAP::ADLDAP_SECURITY_LOCAL_GROUP.'))';
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
$type_filter = '(|(samaccounttype='.adLDAP::ADLDAP_NORMAL_ACCOUNT.
|
|
||||||
')(samaccounttype='.adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP.
|
|
||||||
')(samaccounttype='.adLDAP::ADLDAP_SECURITY_LOCAL_GROUP.'))';
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (!$attr_filter)
|
if (!$attr_filter)
|
||||||
{
|
{
|
||||||
$filter = $type_filter;
|
$filter = $this->type_filter($account_type);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -1063,7 +1083,7 @@ class Ads
|
|||||||
$filter .= '('.$attr.'='.$this->adldap->utilities()->ldapSlashes($value).')';
|
$filter .= '('.$attr.'='.$this->adldap->utilities()->ldapSlashes($value).')';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$filter .= $type_filter.')';
|
$filter .= $this->type_filter($account_type).')';
|
||||||
}
|
}
|
||||||
$sri = ldap_search($ds=$this->ldap_connection(), $context=$this->ads_context(), $filter,
|
$sri = ldap_search($ds=$this->ldap_connection(), $context=$this->ads_context(), $filter,
|
||||||
$attrs ? $attrs : self::$default_attributes);
|
$attrs ? $attrs : self::$default_attributes);
|
||||||
|
@ -102,6 +102,9 @@ class Ads extends Ldap
|
|||||||
//$this->sharedContactsDN = 'ou=shared,ou=contacts,'. $this->ldap_config['ldap_contact_context'];
|
//$this->sharedContactsDN = 'ou=shared,ou=contacts,'. $this->ldap_config['ldap_contact_context'];
|
||||||
$this->allContactsDN = $this->accountContactsDN = $this->accounts_ads->ads_context();
|
$this->allContactsDN = $this->accountContactsDN = $this->accounts_ads->ads_context();
|
||||||
|
|
||||||
|
// get filter for accounts (incl. additional filter from setup)
|
||||||
|
$this->accountsFilter = $this->accounts_ads->type_filter('u');
|
||||||
|
|
||||||
if ($ds)
|
if ($ds)
|
||||||
{
|
{
|
||||||
$this->ds = $ds;
|
$this->ds = $ds;
|
||||||
|
@ -411,6 +411,14 @@
|
|||||||
</td>
|
</td>
|
||||||
<td><input name="newsettings[ads_context]" value="{value_ads_context}" size="80" /></td>
|
<td><input name="newsettings[ads_context]" value="{value_ads_context}" size="80" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr class="row_off">
|
||||||
|
<td>{lang_Additional_user_filter_(optional)}:</td>
|
||||||
|
<td><input name="newsettings[ads_user_filter]" value="{value_ads_user_filter}" size="80" /></td>
|
||||||
|
</tr>
|
||||||
|
<tr class="row_on">
|
||||||
|
<td>{lang_Additional_group_filter_(optional)}:</td>
|
||||||
|
<td><input name="newsettings[ads_group_filter]" value="{value_ads_group_filter}" size="80" /></td>
|
||||||
|
</tr>
|
||||||
<tr class="row_off">
|
<tr class="row_off">
|
||||||
<td><b>{lang_Attributes_for_new_users}</b><br/></td>
|
<td><b>{lang_Attributes_for_new_users}</b><br/></td>
|
||||||
<td>{lang_use_%u_for_username,_leave_empty_to_no_set}</td>
|
<td>{lang_use_%u_for_username,_leave_empty_to_no_set}</td>
|
||||||
|
Loading…
Reference in New Issue
Block a user