forked from extern/egroupware
* ActiveDirectory: implement addtional user or group filter
This commit is contained in:
Ralf Becker
parent
210c54b689
commit
c3000beb5f
@ -1017,6 +1017,41 @@ class Ads
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get LDAP filter for user, groups or both
|
||||
*
|
||||
* @param string|null $account_type u = user, g = group, default null = try both
|
||||
* @return string string with LDAP filter
|
||||
*/
|
||||
public function type_filter($account_type=null)
|
||||
{
|
||||
switch ($account_type)
|
||||
{
|
||||
default: // user or groups
|
||||
case 'u':
|
||||
$type_filter = '(samaccounttype=' . adLDAP::ADLDAP_NORMAL_ACCOUNT . ')';
|
||||
if (!empty($this->frontend->config['ads_user_filter']))
|
||||
{
|
||||
$type_filter = '(&' . $type_filter . $this->frontend->config['ads_user_filter'] . ')';
|
||||
}
|
||||
if ($account_type === 'u') break;
|
||||
$user_filter = $type_filter;
|
||||
// fall through
|
||||
case 'g':
|
||||
$type_filter = '(|(samaccounttype=' . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP .
|
||||
')(samaccounttype=' . adLDAP::ADLDAP_SECURITY_LOCAL_GROUP . '))';
|
||||
if (!empty($this->frontend->config['ads_group_filter']))
|
||||
{
|
||||
$type_filter = '(&' . $type_filter . $this->frontend->config['ads_group_filter'] . ')';
|
||||
}
|
||||
if ($account_type === 'g') break;
|
||||
// user or groups
|
||||
$type_filter = '(|' . $user_filter . $type_filter . ')';
|
||||
break;
|
||||
}
|
||||
return $type_filter;
|
||||
}
|
||||
|
||||
/**
|
||||
* Query ADS by (optional) filter and (optional) account-type filter
|
||||
*
|
||||
@ -1030,24 +1065,9 @@ class Ads
|
||||
*/
|
||||
protected function filter($attr_filter, $account_type=null, array $attrs=null, array $accounts=array())
|
||||
{
|
||||
switch($account_type)
|
||||
{
|
||||
case 'u':
|
||||
$type_filter = '(samaccounttype='.adLDAP::ADLDAP_NORMAL_ACCOUNT.')';
|
||||
break;
|
||||
case 'g':
|
||||
$type_filter = '(|(samaccounttype='.adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP.
|
||||
')(samaccounttype='.adLDAP::ADLDAP_SECURITY_LOCAL_GROUP.'))';
|
||||
break;
|
||||
default:
|
||||
$type_filter = '(|(samaccounttype='.adLDAP::ADLDAP_NORMAL_ACCOUNT.
|
||||
')(samaccounttype='.adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP.
|
||||
')(samaccounttype='.adLDAP::ADLDAP_SECURITY_LOCAL_GROUP.'))';
|
||||
break;
|
||||
}
|
||||
if (!$attr_filter)
|
||||
{
|
||||
$filter = $type_filter;
|
||||
$filter = $this->type_filter($account_type);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -1063,7 +1083,7 @@ class Ads
|
||||
$filter .= '('.$attr.'='.$this->adldap->utilities()->ldapSlashes($value).')';
|
||||
}
|
||||
}
|
||||
$filter .= $type_filter.')';
|
||||
$filter .= $this->type_filter($account_type).')';
|
||||
}
|
||||
$sri = ldap_search($ds=$this->ldap_connection(), $context=$this->ads_context(), $filter,
|
||||
$attrs ? $attrs : self::$default_attributes);
|
||||
|
||||
@ -102,6 +102,9 @@ class Ads extends Ldap
|
||||
//$this->sharedContactsDN = 'ou=shared,ou=contacts,'. $this->ldap_config['ldap_contact_context'];
|
||||
$this->allContactsDN = $this->accountContactsDN = $this->accounts_ads->ads_context();
|
||||
|
||||
// get filter for accounts (incl. additional filter from setup)
|
||||
$this->accountsFilter = $this->accounts_ads->type_filter('u');
|
||||
|
||||
if ($ds)
|
||||
{
|
||||
$this->ds = $ds;
|
||||
|
||||
@ -411,6 +411,14 @@
|
||||
</td>
|
||||
<td><input name="newsettings[ads_context]" value="{value_ads_context}" size="80" /></td>
|
||||
</tr>
|
||||
<tr class="row_off">
|
||||
<td>{lang_Additional_user_filter_(optional)}:</td>
|
||||
<td><input name="newsettings[ads_user_filter]" value="{value_ads_user_filter}" size="80" /></td>
|
||||
</tr>
|
||||
<tr class="row_on">
|
||||
<td>{lang_Additional_group_filter_(optional)}:</td>
|
||||
<td><input name="newsettings[ads_group_filter]" value="{value_ads_group_filter}" size="80" /></td>
|
||||
</tr>
|
||||
<tr class="row_off">
|
||||
<td><b>{lang_Attributes_for_new_users}</b><br/></td>
|
||||
<td>{lang_use_%u_for_username,_leave_empty_to_no_set}</td>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user