use LDAP filter strings

2025-09-13 14:31:15 +00:00 · 2021-05-10 10:31:56 +02:00
parent 3ecb0925d6
commit 27de6e8b8c
8 changed files with 157 additions and 225 deletions
--- a/internal/ldap/config.go
+++ b/internal/ldap/config.go
@@ -15,14 +15,13 @@ type Config struct {
 	BindUser       string `yaml:"user" envconfig:"LDAP_USER"`
 	BindPass       string `yaml:"pass" envconfig:"LDAP_PASSWORD"`

-	Type                 Type   `yaml:"typ" envconfig:"LDAP_TYPE"` // AD for active directory, OpenLDAP for OpenLDAP
-	UserClass            string `yaml:"userClass" envconfig:"LDAP_USER_CLASS"`
 	EmailAttribute       string `yaml:"attrEmail" envconfig:"LDAP_ATTR_EMAIL"`
 	FirstNameAttribute   string `yaml:"attrFirstname" envconfig:"LDAP_ATTR_FIRSTNAME"`
 	LastNameAttribute    string `yaml:"attrLastname" envconfig:"LDAP_ATTR_LASTNAME"`
 	PhoneAttribute       string `yaml:"attrPhone" envconfig:"LDAP_ATTR_PHONE"`
 	GroupMemberAttribute string `yaml:"attrGroups" envconfig:"LDAP_ATTR_GROUPS"`
-	DisabledAttribute    string `yaml:"attrDisabled" envconfig:"LDAP_ATTR_DISABLED"`

+	LoginFilter    string `yaml:"loginFilter" envconfig:"LDAP_LOGIN_FILTER"` // {{login_identifier}} gets replaced with the login email address
+	SyncFilter     string `yaml:"syncFilter" envconfig:"LDAP_SYNC_FILTER"`
 	AdminLdapGroup string `yaml:"adminGroup" envconfig:"LDAP_ADMIN_GROUP"` // Members of this group receive admin rights in WG-Portal
 }
--- a/internal/ldap/ldap.go
+++ b/internal/ldap/ldap.go
@@ -2,8 +2,6 @@ package ldap

 import (
 	"crypto/tls"
-	"fmt"
-	"strconv"

 	"github.com/go-ldap/ldap/v3"
 	"github.com/pkg/errors"
@@ -54,13 +52,10 @@ func FindAllUsers(cfg *Config) ([]RawLdapData, error) {
 	// Search all users
 	attrs := []string{"dn", cfg.EmailAttribute, cfg.EmailAttribute, cfg.FirstNameAttribute, cfg.LastNameAttribute,
 		cfg.PhoneAttribute, cfg.GroupMemberAttribute}
-	if cfg.DisabledAttribute != "" {
-		attrs = append(attrs, cfg.DisabledAttribute)
-	}
 	searchRequest := ldap.NewSearchRequest(
 		cfg.BaseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
-		fmt.Sprintf("(objectClass=%s)", cfg.UserClass), attrs, nil,
+		cfg.SyncFilter, attrs, nil,
 	)

 	sr, err := client.Search(searchRequest)
@@ -87,27 +82,3 @@ func FindAllUsers(cfg *Config) ([]RawLdapData, error) {

 	return tmpData, nil
 }
-
-func IsActiveDirectoryUserDisabled(userAccountControl string) bool {
-	if userAccountControl == "" {
-		return false
-	}
-
-	uacInt, err := strconv.ParseInt(userAccountControl, 10, 32)
-	if err != nil {
-		return true
-	}
-	if int32(uacInt)&0x2 != 0 {
-		return true // bit 2 set means account is disabled
-	}
-
-	return false
-}
-
-func IsOpenLdapUserDisabled(pwdAccountLockedTime string) bool {
-	if pwdAccountLockedTime != "" {
-		return true
-	}
-
-	return false
-}