[Web] apply LDAP filter

mailcow · Feb 23, 2024 · 010d898 · 010d898
1 parent 766c270
commit 010d898
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/data/conf/phpfpm/crons/ldap-sync.php b/data/conf/phpfpm/crons/ldap-sync.php
@@ -110,8 +110,11 @@ function logMsg($priority, $message, $task = "LDAP Sync") {
 fclose($lock_file_handle);
 
 // Get ldap users
-$response = $iam_provider->query()
-  ->where($iam_settings['username_field'], "*")
+$ldap_query = $iam_provider->query();
+if (!empty($iam_settings['filter'])) {
+  $ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
+}
+$response = $ldap_query->where($iam_settings['username_field'], "*")
   ->where($iam_settings['attribute_field'], "*")
   ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname'])
   ->paginate($max);

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
@@ -493,12 +493,12 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   }
 
   try {
-    $ldap_query = $iam_provider->query()
-      ->where($iam_settings['username_field'], '=', $user)
-      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname']);
+    $ldap_query = $iam_provider->query();
     if (!empty($iam_settings['filter'])) {
-      $ldap_query = $ldap_query->whereRaw($iam_settings['filter']);
+      $ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
     }
+    $ldap_query = $ldap_query->where($iam_settings['username_field'], '=', $user)
+      ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname']);
 
     $user_res = $ldap_query->firstOrFail();
   } catch (Exception $e) {