diff --git a/.env.example b/.env.example index f886f98993..c1b2b2de35 100644 --- a/.env.example +++ b/.env.example @@ -177,6 +177,12 @@ MAP_DEFAULT_ZOOM=6 # https://docs.firefly-iii.org/advanced-installation/authentication AUTHENTICATION_GUARD=web +# +# Your LDAP server may speak a dialect. You can choose between 'OpenLDAP' and 'ActiveDirectory' +# Anything else defaults to 'ActiveDirectory' +# +LDAP_DIALECT=OpenLDAP + # # LDAP connection settings: # diff --git a/app/Ldap/Rules/UserDefinedRule.php b/app/Ldap/Rules/UserDefinedRule.php index ac5563863d..c1139da020 100644 --- a/app/Ldap/Rules/UserDefinedRule.php +++ b/app/Ldap/Rules/UserDefinedRule.php @@ -5,6 +5,7 @@ namespace FireflyIII\Ldap\Rules; use LdapRecord\Laravel\Auth\Rule; use LdapRecord\Models\ActiveDirectory\Group; +use LdapRecord\Query\ObjectNotFoundException; use Log; /** @@ -16,19 +17,15 @@ class UserDefinedRule extends Rule * Check if the rule passes validation. * * @return bool + * @throws ObjectNotFoundException */ public function isValid() { - // LDAP_GROUP_FILTER $groupFilter = config('ldap.group_filter'); Log::debug(sprintf('UserDefinedRule with group filter "%s"', $groupFilter)); if (null !== $groupFilter && '' !== (string)$groupFilter) { Log::debug('Group filter is not empty, will now apply it.'); - $administrators = Group::find($groupFilter); - $result = $this->user->groups()->recursive()->exists($administrators); - Log::debug(sprintf('Search result is %s.', var_export($result, true))); - - return $result; + return $this->user->groups()->recursive()->exists(Group::findOrFail($groupFilter)); } Log::debug('Group filter is empty or NULL, so will return true.'); diff --git a/app/Ldap/Scopes/UserDefinedScope.php b/app/Ldap/Scopes/UserDefinedScope.php new file mode 100644 index 0000000000..9a641d4f49 --- /dev/null +++ b/app/Ldap/Scopes/UserDefinedScope.php @@ -0,0 +1,43 @@ +in($groupFilter); + } + Log::debug('UserDefinedScope: done!'); + */ + } +} 
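Review bot: In app/Ldap/Rules/UserDefinedRule.php, `isValid()` still resolves the group through `LdapRecord\Models\ActiveDirectory\Group` (the unchanged `use` line in this file's first hunk), although config/auth.php in the same commit now picks the user model from `LDAP_DIALECT`. With the example value `OpenLDAP`, the ActiveDirectory group model presumably will not match an OpenLDAP group entry, so `Group::findOrFail($groupFilter)` would throw for every login. That fails closed, but nothing in this method catches or logs it. I would choose the Group class from the same dialect setting (LdapRecord also ships `LdapRecord\Models\OpenLDAP\Group`). I would also keep one log line for the outcome, since the hunk removes `Log::debug(sprintf('Search result is %s.', var_export($result, true)));` and the group-membership decision is no longer recorded anywhere. The method body continues past the end of the hunk.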
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index fcd48ce4c4..1b37f21301 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -22,6 +22,7 @@ declare(strict_types=1); namespace FireflyIII\Providers; +use FireflyIII\Ldap\Scopes\UserDefinedScope; use FireflyIII\Support\Authentication\RemoteUserGuard; use FireflyIII\Support\Authentication\RemoteUserProvider; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; @@ -66,5 +67,11 @@ class AuthServiceProvider extends ServiceProvider $this->registerPolicies(); Passport::routes(); Passport::tokensExpireIn(now()->addDays(14)); + + + \LdapRecord\Models\OpenLDAP\User::addGlobalScope( + new UserDefinedScope + ); + } } diff --git a/config/auth.php b/config/auth.php index 37187762b4..3d46aa1e8b 100644 --- a/config/auth.php +++ b/config/auth.php @@ -108,8 +108,7 @@ return [ 'ldap' => [ 'driver' => 'ldap', - //'model' => LdapRecord\Models\ActiveDirectory\User::class, - 'model' => LdapRecord\Models\OpenLDAP\User::class, + 'model' => env('LDAP_DIALECT') === 'OpenLDAP' ? LdapRecord\Models\OpenLDAP\User::class : LdapRecord\Models\ActiveDirectory\User::class, 'rules' => [ UserDefinedRule::class, ],
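Review bot: In app/Providers/AuthServiceProvider.php the global scope is attached to `\LdapRecord\Models\OpenLDAP\User` unconditionally, while config/auth.php in this commit can select `LdapRecord\Models\ActiveDirectory\User` instead. If `UserDefinedScope` is meant to limit which directory entries may authenticate, an ActiveDirectory deployment would get no such limit. Registering it on the configured model would keep the two in step, e.g. `$model = config('auth.providers.ldap.model'); $model::addGlobalScope(new UserDefinedScope());`, assuming the `ldap` entry shown in config/auth.php sits under `providers`. The visible tail of app/Ldap/Scopes/UserDefinedScope.php ends with `*/` just before the method's closing brace, which suggests the scope body is commented out; if so, a comment here such as `// UserDefinedScope is currently a no-op; group filtering is enforced by UserDefinedRule` would stop readers from assuming the filter is applied at query level. The enclosing method starts outside the hunk.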
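Review bot: In config/auth.php the new `'model'` line changes the default for existing installs, because the removed line hard-coded `LdapRecord\Models\OpenLDAP\User::class` and the new test falls through to the ActiveDirectory model whenever `LDAP_DIALECT` is unset. An OpenLDAP site that upgrades without adding the variable would likely see every LDAP login fail. The comparison is also exact and case-sensitive, so `openldap` selects ActiveDirectory without any warning. UserDefinedRule and AuthServiceProvider need the same decision, so I would define it once, for example `'dialect' => env('LDAP_DIALECT', 'OpenLDAP'),` in config/ldap.php, and read `config('ldap.dialect')` in all three places; whether `OpenLDAP` is the right fallback depends on what the .env.example comment is meant to promise. The surrounding array continues outside the hunk.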