# We've got our anonymous bind; let's look up this user.
$mesg = $LDAPconn->search( base => Param("LDAPBaseDN"),
scope => "sub",
- filter => Param("LDAPuidattribute") . "=$username",
+ filter => '(&(' . Param("LDAPuidattribute") . "=$username)" . Param("LDAPfilter") . ')',
attrs => ['dn'],
);
return (AUTH_LOGINFAILED, undef, "lookup_failure")
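Review bot: `$username` is interpolated into the new filter string without escaping, so LDAP filter metacharacters in the login name (`*`, `(`, `)`, `\`) are interpreted as filter syntax instead of being matched literally. Now that the admin-supplied `Param("LDAPfilter")` clause is appended after it, an unescaped name can also change how that restriction is grouped, weakening the control this change introduces. Escape the value before building the filter, for example `my $safe_username = escape_filter_value($username);` using Net::LDAP::Util (if the installed perl-ldap provides it), and interpolate `$safe_username` instead. The identical expression is repeated in the mail-attribute search in the next hunk, so building the filter once in a small helper would keep both lookups consistent. The enclosing sub starts and ends outside this hunk.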
# mail attribute for this user.
$mesg = $LDAPconn->search( base => Param("LDAPBaseDN"),
scope => "sub",
- filter => Param("LDAPuidattribute") . "=$username",
+ filter => '(&(' . Param("LDAPuidattribute") . "=$username)" . Param("LDAPfilter") . ')',
);
my $user_entry = $mesg->shift_entry if !$mesg->code && $mesg->count;
if(!$user_entry || !$user_entry->exists(Param("LDAPmailattribute"))) {
default => 'mail'
},
+ {
+ name => 'LDAPfilter',
+ desc => 'LDAP filter to AND with the <tt>LDAPuidattribute</tt> for ' .
+ 'filtering the list of valid users.',
+ type => 't',
+ default => '',
+ },
+
{
name => 'loginmethod',
desc => 'The type of login authentication to use:
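Review bot: The `desc` for `LDAPfilter` does not say what form the value must take, yet the search code concatenates it verbatim inside `(&(...)...)`. A value entered without its own parentheses would likely produce a malformed filter and make every lookup fail. Suggest extending the description with something like `'The value must be a complete filter component enclosed in parentheses, e.g. (objectClass=person); leave empty for no extra restriction.'` (the example value is illustrative). If the parameter framework supports a validation hook, checking for balanced parentheses at save time would catch a bad value before it reaches the login path.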