From 010d898786b78327240bb2f2608e973a65c5f859 Mon Sep 17 00:00:00 2001 From: FreddleSpl0it Date: Fri, 23 Feb 2024 10:01:56 +0100 Subject: [PATCH] [Web] apply LDAP filter --- data/conf/phpfpm/crons/ldap-sync.php | 7 +++++-- data/web/inc/functions.auth.inc.php | 8 ++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php index 5686bdacc..20cf7f290 100644 --- a/data/conf/phpfpm/crons/ldap-sync.php +++ b/data/conf/phpfpm/crons/ldap-sync.php @@ -110,8 +110,11 @@ fwrite($lock_file_handle, getmypid()); fclose($lock_file_handle); // Get ldap users -$response = $iam_provider->query() - ->where($iam_settings['username_field'], "*") +$ldap_query = $iam_provider->query(); +if (!empty($iam_settings['filter'])) { + $ldap_query = $ldap_query->rawFilter($iam_settings['filter']); +} +$response = $ldap_query->where($iam_settings['username_field'], "*") ->where($iam_settings['attribute_field'], "*") ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname']) ->paginate($max); diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php index 6075ab764..b7b8dbc6a 100644 --- a/data/web/inc/functions.auth.inc.php +++ b/data/web/inc/functions.auth.inc.php @@ -493,12 +493,12 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){ } try { - $ldap_query = $iam_provider->query() - ->where($iam_settings['username_field'], '=', $user) - ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname']); + $ldap_query = $iam_provider->query(); if (!empty($iam_settings['filter'])) { - $ldap_query = $ldap_query->whereRaw($iam_settings['filter']); + $ldap_query = $ldap_query->rawFilter($iam_settings['filter']); } + $ldap_query = $ldap_query->where($iam_settings['username_field'], '=', $user) + ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname']); $user_res = $ldap_query->firstOrFail(); } catch (Exception $e) {