inlcude AD primary group in user filter, if a group is selected. fixes #12190
This commit is contained in:
parent
55142186de
commit
323af55b50
|
@ -850,13 +850,23 @@ class Wizard extends LDAPUtility {
|
||||||
}
|
}
|
||||||
$base = $this->configuration->ldapBase[0];
|
$base = $this->configuration->ldapBase[0];
|
||||||
foreach($cns as $cn) {
|
foreach($cns as $cn) {
|
||||||
$rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn'));
|
$rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
|
||||||
if(!$this->ldap->isResource($rr)) {
|
if(!$this->ldap->isResource($rr)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$er = $this->ldap->firstEntry($cr, $rr);
|
$er = $this->ldap->firstEntry($cr, $rr);
|
||||||
|
$attrs = $this->ldap->getAttributes($cr, $er);
|
||||||
$dn = $this->ldap->getDN($cr, $er);
|
$dn = $this->ldap->getDN($cr, $er);
|
||||||
$filter .= '(memberof=' . $dn . ')';
|
if(empty($dn)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$filterPart = '(memberof=' . $dn . ')';
|
||||||
|
if(isset($attrs['primaryGroupToken'])) {
|
||||||
|
$pgt = $attrs['primaryGroupToken'][0];
|
||||||
|
$primaryFilterPart = '(primaryGroupID=' . $pgt .')';
|
||||||
|
$filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
|
||||||
|
}
|
||||||
|
$filter .= $filterPart;
|
||||||
}
|
}
|
||||||
$filter .= ')';
|
$filter .= ')';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue