Bug 122365 - Allow installation definable LDAP filters

r,a=justdave

Bug 122365 - Allow installation definable LDAP filters
26af2c5a · bbaetz%acm.org · 94c8b7f2 · 26af2c5a · 26af2c5a
Commit 26af2c5a authored Jul 14, 2003 by bbaetz%acm.org
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 2 deletions

LDAP.pm Bugzilla/Auth/LDAP.pm +2 -2

defparams.pl defparams.pl +8 -0

No files found.
--- a/Bugzilla/Auth/LDAP.pm
+++ b/Bugzilla/Auth/LDAP.pm
@@ -84,7 +84,7 @@ sub authenticate {
    # We've got our anonymous bind;  let's look up this user.
    $mesg = $LDAPconn->search( base   => Param("LDAPBaseDN"),
                               scope  => "sub",
-                               filter => Param("LDAPuidattribute") . "=$username",
+                               filter => '(&(' . Param("LDAPuidattribute") . "=$username)" . Param("LDAPfilter") . ')',
                               attrs  => ['dn'],
                             );
    return (AUTH_LOGINFAILED, undef, "lookup_failure")
@@ -102,7 +102,7 @@ sub authenticate {
    # mail attribute for this user.
    $mesg = $LDAPconn->search( base   => Param("LDAPBaseDN"),
                               scope  => "sub",
-                               filter => Param("LDAPuidattribute") . "=$username",
+                               filter => '(&(' . Param("LDAPuidattribute") . "=$username)" . Param("LDAPfilter") . ')',
                             );
    my $user_entry = $mesg->shift_entry if !$mesg->code && $mesg->count;
    if(!$user_entry || !$user_entry->exists(Param("LDAPmailattribute"))) {

--- a/defparams.pl
+++ b/defparams.pl
@@ -389,6 +389,14 @@ sub check_loginmethod {
  },
  {
+   name => 'LDAPfilter',
+   desc => 'LDAP filter to AND with the <tt>LDAPuidattribute</tt> for ' .
+           'filtering the list of valid users.',
+   type => 't',
+   default => '',
+  },
+  {
   name => 'loginmethod',
   desc => 'The type of login authentication to use:
            <dl>