Merge pull request #3733 from glmdev/glmdev-ldap-filter

Add config option to specify custom LDAP filter

app/Scopes/LdapFilterScope.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace FireflyIII\Scopes;
+
+use Adldap\Query\Builder;
+use Adldap\Laravel\Scopes\ScopeInterface;
+
+class LdapFilterScope implements ScopeInterface {
+    /**
+     * If the ADLDAP_AUTH_FILTER is provided, apply the filter to the LDAP query.
+     * @param Builder $query
+     * @return void
+     */
+    public function apply(Builder $query)
+    {
+        $filter = (string) config('ldap_auth.custom_filter');
+        if ( '' !== $filter ) {
+            $query->rawFilter($filter);
+        }
+    }
+}

config/ldap_auth.php

@@ -22,6 +22,8 @@
 
 declare(strict_types=1);
 
+use FireflyIII\Scopes\LdapFilterScope;
+
 use Adldap\Laravel\Events\Authenticated;
 use Adldap\Laravel\Events\AuthenticatedModelTrashed;
 use Adldap\Laravel\Events\AuthenticatedWithWindows;
@@ -49,13 +51,17 @@ use Adldap\Laravel\Scopes\UpnScope;
 
 // default OpenLDAP scopes.
 $scopes = [
+    LdapFilterScope::class,
     UidScope::class,
 ];
 if ('FreeIPA' === env('ADLDAP_CONNECTION_SCHEME')) {
-    $scopes = [];
+    $scopes = [
+        LdapFilterScope::class,
+    ];
 }
 if ('ActiveDirectory' === env('ADLDAP_CONNECTION_SCHEME')) {
     $scopes = [
+        LdapFilterScope::class,
         UpnScope::class,
     ];
 }
@@ -374,4 +380,16 @@ return [
         ],
     ],
 
+    /*
+    |--------------------------------------------------------------------------
+    | Custom LDAP Filter
+    |--------------------------------------------------------------------------
+    |
+    | This value can be optionally provided to restrict LDAP queries to the
+    | given filter. It should be in LDAP filter format, and will be
+    | applied in the LdapFilterScope.
+    |
+    */
+    'custom_filter' => env('ADLDAP_AUTH_FILTER', ''),
+
 ];