From 138285377eb888aff1cbeba6a26baeeb32e7ecc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Treffenst=C3=A4dt?= Date: Thu, 23 Dec 2021 15:09:42 +0100 Subject: [PATCH 1/7] Added custom search and auth filters to auth-ldap --- auth-ldap/authentication.php | 12 ++++-------- auth-ldap/config.php | 8 ++++++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 944d363..33de21d 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -28,7 +28,6 @@ class LDAPAuthentication { static $schemas = array( 'msad' => array( 'user' => array( - 'filter' => '(objectClass=user)', 'base' => 'CN=Users', 'first' => 'givenName', 'last' => 'sn', @@ -38,8 +37,6 @@ class LDAPAuthentication { 'mobile' => false, 'username' => 'sAMAccountName', 'dn' => '{username}@{domain}', - 'search' => '(&(objectCategory=person)(objectClass=user)(|(sAMAccountName={q}*)(firstName={q}*)(lastName={q}*)(displayName={q}*)))', - 'lookup' => '(&(objectCategory=person)(objectClass=user)({attr}={q}))', ), 'group' => array( 'ismember' => '(&(objectClass=user)(sAMAccountName={username}) @@ -50,7 +47,6 @@ class LDAPAuthentication { // A general approach for RFC-2307 '2307' => array( 'user' => array( - 'filter' => '(objectClass=inetOrgPerson)', 'first' => 'gn', 'last' => 'sn', 'full' => array('displayName', 'gecos', 'cn'), @@ -59,8 +55,6 @@ class LDAPAuthentication { 'mobile' => 'mobileTelephoneNumber', 'username' => 'uid', 'dn' => 'uid={username},{search_base}', - 'search' => '(&(objectClass=inetOrgPerson)(|(uid={q}*)(displayName={q}*)(cn={q}*)))', - 'lookup' => '(&(objectClass=inetOrgPerson)({attr}={q}))', ), ), ); @@ -228,6 +222,7 @@ function($match) use ($username, $domain, $config) { if (!$this->_bind($c)) return null; + $auth_filter = $this->getConfig()->get('auth_filter'); $r = $c->search( $this->getSearchBase(), str_replace( 
@@ -235,7 +230,7 @@ function($match) use ($username, $domain, $config) { // Assume email address if the $username contains an @ sign array(strpos($username, '@') ? $schema['email'] : $schema['username'], $username), - $schema['lookup']), + $auth_filter), array('sizelimit' => 1) ); if (PEAR::isError($r) || !$r->count()) @@ -307,9 +302,10 @@ function search($query) { $schema = static::$schemas[$this->getSchema($c)]; $schema = $schema['user']; + $search_filter = $this->getConfig()->get('search_filter'); $r = $c->search( $this->getSearchBase(), - str_replace('{q}', $query, $schema['search']), + str_replace('{q}', $query, $search_filter, array('attributes' => array_filter(flatten(array( $schema['first'], $schema['last'], $schema['full'], $schema['phone'], $schema['mobile'], $schema['email'], diff --git a/auth-ldap/config.php b/auth-ldap/config.php index ca3380a..2f69aec 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -106,6 +106,14 @@ function($self, $val) use ($__) { '2307' => 'Posix Account (rfc 2307)', ), )), + 'search_filter' => new TextboxField(array( + 'label' => $__('LDAP Filter for searching users'), + 'hint' => $__('Used when searching for users. {q} will be replaced with the search term.') + )), + 'auth_filter' => new TextboxField(array( + 'label' => $__('LDAP Filter for authentication'), + 'hint' => $__('Used when authenticating. {q} will be replaced with the user id.') + )), 'auth' => new SectionBreakField(array( 'label' => $__('Authentication Modes'), From 954d60d12586901a08cce6382dc2b9ad1412ce9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Treffenst=C3=A4dt?= Date: Thu, 23 Dec 2021 16:17:46 +0100 Subject: [PATCH 2/7] Fixed accidentally removed closing paranethesis --- auth-ldap/authentication.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 33de21d..f395ca3 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php 
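Review bot: In the `@@ -235,7 +230,7 @@` hunk of authentication.php (PATCH 1/7), `$username` is substituted for `{q}` in the now admin-configurable `$auth_filter` without LDAP filter escaping, so filter metacharacters such as `*`, `(`, `)` or `\` in a submitted login name change what the lookup matches, and with `sizelimit => 1` the result is whichever entry the server returns first. Unless the value is escaped earlier in the function (not visible; the enclosing function starts and ends outside the hunk), escape it before substitution, e.g. `$q = ldap_escape($username, '', LDAP_ESCAPE_FILTER);`, and pass `$q` in the replacement array. The same applies to `$query` in `str_replace('{q}', $query, $search_filter)` in the `function search($query)` hunks of PATCH 1/7, 2/7, 6/7 and 7/7; escaping the value leaves the templates' own trailing `*` intact.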
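Review bot: Neither `search_filter` nor `auth_filter` in the `@@ -106,6 +106,14 @@` hunk of config.php (PATCH 1/7) is validated, and the `auth_filter` hint mentions only `{q}` although the built-in lookup template shown in PATCH 5/7 is `({attr}={q})`. An authentication filter saved without `{q}` would make the account lookup independent of the login name, so the form should reject a filter that lacks `{q}` or has unbalanced parentheses, for example with a closure like the `function($self, $val) use ($__)` one visible in the hunk header, if that is this form's validator hook. If `{attr}` is also substituted for custom filters (the search array of the `str_replace` call is not in any hunk), document it: `'hint' => $__('Used when authenticating. {attr} is replaced with the username or e-mail attribute, {q} with the login name.')`.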
@@ -305,7 +305,7 @@ function search($query) { $search_filter = $this->getConfig()->get('search_filter'); $r = $c->search( $this->getSearchBase(), - str_replace('{q}', $query, $search_filter, + str_replace('{q}', $query, $search_filter), array('attributes' => array_filter(flatten(array( $schema['first'], $schema['last'], $schema['full'], $schema['phone'], $schema['mobile'], $schema['email'], From 589506ea0a46493e02df9615ae4ec02babfe8aee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Treffenst=C3=A4dt?= Date: Thu, 23 Dec 2021 16:27:59 +0100 Subject: [PATCH 3/7] Added size and length fields to ldap filter inputs --- auth-ldap/config.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 2f69aec..7f6c0dd 100644 --- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -108,11 +108,13 @@ function($self, $val) use ($__) { )), 'search_filter' => new TextboxField(array( 'label' => $__('LDAP Filter for searching users'), - 'hint' => $__('Used when searching for users. {q} will be replaced with the search term.') + 'hint' => $__('Used when searching for users. {q} will be replaced with the search term.'), + 'configuration' => array('size'=>70, 'length'=>160), )), 'auth_filter' => new TextboxField(array( 'label' => $__('LDAP Filter for authentication'), - 'hint' => $__('Used when authenticating. {q} will be replaced with the user id.') + 'hint' => $__('Used when authenticating. {q} will be replaced with the user id.'), + 'configuration' => array('size'=>70, 'length'=>160), )), 'auth' => new SectionBreakField(array( From 2f4c3cc04e31eb726240ef68c6188a24c3915f7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Treffenst=C3=A4dt?= Date: Thu, 23 Dec 2021 16:55:21 +0100 Subject: [PATCH 4/7] Added custom search filter boolean selection --- auth-ldap/config.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/auth-ldap/config.php b/auth-ldap/config.php index 7f6c0dd..646eb2f 100644 
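Review bot: `'length'=>160` in the `@@ -108,11 +108,13 @@` hunk of config.php (PATCH 3/7) looks too small for real filters, assuming `length` is the field's maximum input length. The built-in `msad` search template in this series is already about 117 characters, and a filter that additionally restricts logins to members of a group by its full DN is unlikely to fit. Consider a larger cap on both fields, e.g. `'configuration' => array('size'=>70, 'length'=>1024),`, after checking what the configuration store can hold.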
--- a/auth-ldap/config.php +++ b/auth-ldap/config.php @@ -106,6 +106,17 @@ function($self, $val) use ($__) { '2307' => 'Posix Account (rfc 2307)', ), )), + 'search_filter_options' => new SectionBreakField(array( + 'label' => $__('Custom search filters'), + 'hint' => $__('Custom search filter options in case the pre-supplied ones are non-sufficient.') + )), + 'use_custom_filters' => new BooleanField(array( + 'label' => $__('Use Custom Filters'), + 'default' => false, + 'configuration' => array( + 'desc' => $__('Use Custom Search and Authentication Filters') + ) + )), 'search_filter' => new TextboxField(array( 'label' => $__('LDAP Filter for searching users'), 'hint' => $__('Used when searching for users. {q} will be replaced with the search term.'), From 1462990f0d8316194eda22adb2cffbe370377408 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Treffenst=C3=A4dt?= Date: Thu, 23 Dec 2021 16:57:43 +0100 Subject: [PATCH 5/7] Re-Added default options for search and auth filters --- auth-ldap/authentication.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index f395ca3..c6b0cfe 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -28,6 +28,7 @@ class LDAPAuthentication { static $schemas = array( 'msad' => array( 'user' => array( + 'filter' => '(objectClass=user)', 'base' => 'CN=Users', 'first' => 'givenName', 'last' => 'sn', @@ -37,6 +38,8 @@ class LDAPAuthentication { 'mobile' => false, 'username' => 'sAMAccountName', 'dn' => '{username}@{domain}', + 'search' => '(&(objectCategory=person)(objectClass=user)(|(sAMAccountName={q}*)(firstName={q}*)(lastName={q}*)(displayName={q}*)))', + 'lookup' => '(&(objectCategory=person)(objectClass=user)({attr}={q}))', ), 'group' => array( 'ismember' => '(&(objectClass=user)(sAMAccountName={username}) 
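Review bot: The re-added `msad` `'search'` template in the `@@ -37,6 +38,8 @@` hunk (PATCH 5/7) filters on `firstName` and `lastName`, while the preceding hunk shows the same schema block mapping first and last name to `givenName` and `sn`. Unless the directory really defines those two attributes, these clauses presumably never match, so a search by first or last name only hits `sAMAccountName` or `displayName`. Since the line is being re-added anyway, align it with the mapping: `'search' => '(&(objectCategory=person)(objectClass=user)(|(sAMAccountName={q}*)(givenName={q}*)(sn={q}*)(displayName={q}*)))',`.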
@@ -47,6 +50,7 @@ class LDAPAuthentication { // A general approach for RFC-2307 '2307' => array( 'user' => array( + 'filter' => '(objectClass=inetOrgPerson)', 'first' => 'gn', 'last' => 'sn', 'full' => array('displayName', 'gecos', 'cn'), @@ -55,6 +59,8 @@ class LDAPAuthentication { 'mobile' => 'mobileTelephoneNumber', 'username' => 'uid', 'dn' => 'uid={username},{search_base}', + 'search' => '(&(objectClass=inetOrgPerson)(|(uid={q}*)(displayName={q}*)(cn={q}*)))', + 'lookup' => '(&(objectClass=inetOrgPerson)({attr}={q}))', ), ), ); From 6be6619a600611ff09de43a58a2673e0a9a904e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Treffenst=C3=A4dt?= Date: Thu, 23 Dec 2021 17:03:56 +0100 Subject: [PATCH 6/7] Now using the default filters for when the use_custom_filters option is unchecked --- auth-ldap/authentication.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index c6b0cfe..33e17d3 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -228,7 +228,12 @@ function($match) use ($username, $domain, $config) { if (!$this->_bind($c)) return null; - $auth_filter = $this->getConfig()->get('auth_filter'); + $auth_filter = $schema['lookup']; + + if ($this->getConfig()->get('use_custom_filters')) { + $auth_filter = $this->getConfig()->get('auth_filter'); + } + $r = $c->search( $this->getSearchBase(), str_replace( @@ -308,7 +313,12 @@ function search($query) { $schema = static::$schemas[$this->getSchema($c)]; $schema = $schema['user']; - $search_filter = $this->getConfig()->get('search_filter'); + + $search_filter = $schema['search']; + + if ($this->getConfig()->get('use_custom_filters')) { + $search_filter = $this->getConfig()->get('search_filter'); + } $r = $c->search( $this->getSearchBase(), str_replace('{q}', $query, $search_filter), From ff70e51a3a98ae4854b66e3fd19b0a74cf1ae22b Mon Sep 17 00:00:00 2001 
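Review bot: When `use_custom_filters` is enabled but the matching textbox was left blank, the `@@ -228,7 +228,12 @@` hunk (PATCH 6/7) replaces `$schema['lookup']` with an empty value and passes the result to `$c->search()`. How the LDAP library treats an empty filter is not visible here; at best every LDAP login then fails. Keep the schema default unless a non-empty custom filter is configured: `$custom = trim((string) $this->getConfig()->get('auth_filter'));` followed by `if ($this->getConfig()->get('use_custom_filters') && $custom !== '') { $auth_filter = $custom; }`. The `search_filter` assignment in the `@@ -308,7 +313,12 @@` hunk and both ternaries in PATCH 7/7 have the same gap; the enclosing functions start and end outside these hunks.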
From: =?UTF-8?q?Daniel=20Treffenst=C3=A4dt?= Date: Thu, 23 Dec 2021 17:12:40 +0100 Subject: [PATCH 7/7] Replaced if statements with ternary operator assignments --- auth-ldap/authentication.php | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/auth-ldap/authentication.php b/auth-ldap/authentication.php index 33e17d3..47703ba 100644 --- a/auth-ldap/authentication.php +++ b/auth-ldap/authentication.php @@ -228,11 +228,7 @@ function($match) use ($username, $domain, $config) { if (!$this->_bind($c)) return null; - $auth_filter = $schema['lookup']; - - if ($this->getConfig()->get('use_custom_filters')) { - $auth_filter = $this->getConfig()->get('auth_filter'); - } + $auth_filter = $this->getConfig()->get('use_custom_filters')?($this->getConfig()->get('auth_filter')):($schema['lookup']); $r = $c->search( $this->getSearchBase(), @@ -314,11 +310,8 @@ function search($query) { $schema = static::$schemas[$this->getSchema($c)]; $schema = $schema['user']; - $search_filter = $schema['search']; + $search_filter = ($this->getConfig()->get('use_custom_filters'))?($this->getConfig()->get('search_filter')):($schema['search']); - if ($this->getConfig()->get('use_custom_filters')) { - $search_filter = $this->getConfig()->get('search_filter'); - } $r = $c->search( $this->getSearchBase(), str_replace('{q}', $query, $search_filter),
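Review bot: The two ternaries in PATCH 7/7 (`@@ -228,11 +228,7 @@` and `@@ -314,11 +310,8 @@`) are written inconsistently: only the second wraps its condition in parentheses, neither has spaces around `?` and `:`, and each calls `$this->getConfig()` twice on one long line. Fetch the config object once and drop the redundant parentheses: `$config = $this->getConfig();` followed by `$auth_filter = $config->get('use_custom_filters') ? $config->get('auth_filter') : $schema['lookup'];`, and likewise for `$search_filter`. The first hunk's header shows a `$config` captured by a closure in the same function, so check whether a suitable variable is already in scope there before introducing a new one; both function bodies extend beyond the hunks.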