diff --git a/ldap-useradmin/CHANGELOG b/ldap-useradmin/CHANGELOG
index 69593700c..770af832e 100644
--- a/ldap-useradmin/CHANGELOG
+++ b/ldap-useradmin/CHANGELOG
@@ -73,3 +73,5 @@ Modifying a user now correctly changes the sn attribute too.
 Added a field for editing the description for LDAP groups.
 ---- Changes since 1.510 ----
 The list of groups now includes descriptions, if any are set.
+---- Changes since 1.520 ----
+Added Module Config options for additional LDAP filters to find users and groups, in addition to the posixAccount / posixGroup object class filters.
diff --git a/ldap-useradmin/batch_exec.cgi b/ldap-useradmin/batch_exec.cgi
index 7b7bc7c1b..03bacac7e 100755
--- a/ldap-useradmin/batch_exec.cgi
+++ b/ldap-useradmin/batch_exec.cgi
@@ -242,7 +242,7 @@ LINE: foreach $line (split(/[\r\n]+/, $data)) {
 $newdn = "uid=$user{'user'},$base";
 $rv = $ldap->search(base => $newdn,
 scope => 'base',
- filter => '(&(objectClass=posixAccount))');
+ filter => &user_filter());
 ($uinfo) = $rv->all_entries;
 %user = &dn_to_hash($uinfo);
diff --git a/ldap-useradmin/config.info b/ldap-useradmin/config.info
index 599e031f9..7faa6bf8e 100644
--- a/ldap-useradmin/config.info
+++ b/ldap-useradmin/config.info
@@ -23,6 +23,8 @@ group_fields=Extra LDAP group properties to allow editing of
(In fieldname
 multi_fields=Allow multiple values for extra properties?,1,1-Yes,0-No
 noclash=Attributes for which duplicates are disallowed,0
 person=Give all Unix users the person object class?,1,1-Yes,0-No
+user_filter=Additional LDAP filter for users,3,None,,,,Attribute=value
+group_filter=Additional LDAP filter for groups,3,None,,,,Attribute=value
 line5=Home directory options,11
 homedir_perms=Permissions on new home directories,3,From Users and Groups module
diff --git a/ldap-useradmin/edit_group.cgi b/ldap-useradmin/edit_group.cgi
index 7d0089b70..e991ab729 100755
--- a/ldap-useradmin/edit_group.cgi
+++ b/ldap-useradmin/edit_group.cgi
@@ -12,7 +12,7 @@ if ($in{'new'}) {
 else {
 $rv = $ldap->search(base => $in{'dn'},
 scope => 'base',
- filter => '(objectClass=posixGroup)');
+ filter => &group_filter());
 ($ginfo) = $rv->all_entries;
 $group = $ginfo->get_value('cn');
 $gid = $ginfo->get_value('gidNumber');
diff --git a/ldap-useradmin/edit_user.cgi b/ldap-useradmin/edit_user.cgi
index 60e92ef48..3a5ab8efc 100755
--- a/ldap-useradmin/edit_user.cgi
+++ b/ldap-useradmin/edit_user.cgi
@@ -36,7 +36,7 @@ else {
 # Get values from current user
 $rv = $ldap->search(base => $in{'dn'},
 scope => 'base',
- filter => '(objectClass=posixAccount)');
+ filter => &user_filter());
 ($uinfo) = $rv->all_entries;
 @users = $uinfo->get_value('uid');
 $user = $users[0];
@@ -279,7 +279,7 @@ if ($config{'secmode'} != 1) {
 @defsecs = &split_quoted_string($mconfig{'default_secs'});
 $base = &get_group_base();
 $rv = $ldap->search(base => $base,
- filter => '(objectClass=posixGroup)');
+ filter => &group_filter());
 %ingroups = ( );
 foreach $g (sort { lc($a->dn()) cmp lc($b->dn()) } $rv->all_entries) {
 $group = $g->get_value("cn");
diff --git a/ldap-useradmin/index.cgi b/ldap-useradmin/index.cgi
index 61eba9ab8..8f9a32267 100755
--- a/ldap-useradmin/index.cgi
+++ b/ldap-useradmin/index.cgi
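Review bot: In edit_group.cgi the result of the base-scope search is dereferenced without checking that an entry came back: `($ginfo) = $rv->all_entries;` is followed directly by `$ginfo->get_value('cn')`. With the filter now coming from `&group_filter()`, a DN passed in `$in{'dn'}` that exists but does not match the configured extra filter returns no entry, and the script dies on an undefined value instead of refusing the request with a clear error. save_group.cgi already guards this with `$ginfo || &error($text{'gsave_egone'});`; the same guard belongs here, and the lookups in edit_user.cgi (`$uinfo->get_value('uid')`) and raw.cgi (`($what) = $rv->all_entries;`, no check in the visible lines) have the same gap. The re-reads after a save in batch_exec.cgi and save_user.cgi (`%user = &dn_to_hash($uinfo);`) deserve the same check, since a freshly written entry is not guaranteed to match an administrator-supplied filter.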
@@ -101,12 +101,12 @@ elsif ($config{'md5'} == 3 || $config{'md5'} == 4) {
 # Count the number of users and groups
 $base = &get_user_base();
 $rv = $ldap->search(base => $base,
- filter => '(objectClass=posixAccount)',
+ filter => &user_filter(),
 sizelimit => $mconfig{'display_max'}+1);
 $ucount = $rv->count;
 $base = &get_group_base();
 $rv = $ldap->search(base => $base,
- filter => '(objectClass=posixGroup)',
+ filter => &group_filter(),
 sizelimit => $mconfig{'display_max'}+1);
 $gcount = $rv->count;
diff --git a/ldap-useradmin/ldap-useradmin-lib.pl b/ldap-useradmin/ldap-useradmin-lib.pl
index 97b06e08b..851308164 100755
--- a/ldap-useradmin/ldap-useradmin-lib.pl
+++ b/ldap-useradmin/ldap-useradmin-lib.pl
@@ -173,7 +173,7 @@ if (!defined(@list_users_cache)) {
 local $ldap = &ldap_connect();
 local $base = &get_user_base();
 local $rv = $ldap->search(base => $base,
- filter => '(objectClass=posixAccount)');
+ filter => &user_filter());
 local $u;
 foreach $u ($rv->all_entries) {
 local %uinfo = &dn_to_hash($u);
@@ -292,7 +292,7 @@ if (!defined(@list_groups_cache)) {
 local $ldap = &ldap_connect();
 local $base = &get_group_base();
 local $rv = $ldap->search(base => $base,
- filter => '(objectClass=posixGroup)');
+ filter => &group_filter());
 local $g;
 foreach $g ($rv->all_entries) {
 local %ginfo = &dn_to_hash($g);
@@ -1070,7 +1070,8 @@ if ($new) {
 # Find existing group with the same GID
 local $base = &get_group_base();
 local $rv = $ldap->search(base => $base,
- filter => "(&(objectClass=posixGroup)(gidNumber=$user->{'gid'}))");
+ filter => "(&".&group_filter().
+ "(gidNumber=$user->{'gid'}))");
 local ($ginfo) = $rv->all_entries;
 if ($ginfo && $ginfo->get_value("sambaSID")) {
 # We can get the SID from the actual group
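Review bot: The two counting searches in index.cgi read `$rv->count` without looking at `$rv->code`, so a search that fails looks identical to an empty directory. That matters more after this change because part of the filter is now administrator-supplied: if the configured value does not parse, Net::LDAP returns an error result with no entries, and the page would report zero users and groups with no hint of the cause. search_user.cgi and search_group.cgi already do `if ($rv->code) { &error(...) }`; the same check after each search here would surface a bad filter immediately. The hunks around `@list_users_cache` and `@list_groups_cache` in ldap-useradmin-lib.pl iterate `$rv->all_entries` with the same missing check, and both enclosing functions continue outside their hunks.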
@@ -1199,5 +1200,27 @@ for(my $i=0; $i<@$props; $i++) {
 return undef;
 }
+# user_filter()
+# Returns an LDAP filter expression to find users
+sub user_filter
+{
+my $rv = "(objectClass=posixAccount)";
+if ($config{'user_filter'}) {
+ $rv = "(&".$rv."(".$config{'user_filter'}."))";
+ }
+return $rv;
+}
+
+# group_filter()
+# Returns an LDAP filter expression to find groups
+sub group_filter
+{
+my $rv = "(objectClass=posixGroup)";
+if ($config{'group_filter'}) {
+ $rv = "(&".$rv."(".$config{'group_filter'}."))";
+ }
+return $rv;
+}
+
 1;
diff --git a/ldap-useradmin/raw.cgi b/ldap-useradmin/raw.cgi
index 988545049..78deb9f60 100755
--- a/ldap-useradmin/raw.cgi
+++ b/ldap-useradmin/raw.cgi
@@ -8,12 +8,12 @@ $schema = $ldap->schema();
 if ($in{'user'}) {
 $rv = $ldap->search(base => $in{'dn'},
 scope => 'base',
- filter => '(objectClass=posixAccount)');
+ filter => &user_filter());
 }
 else {
 $rv = $ldap->search(base => $in{'dn'},
 scope => 'base',
- filter => '(objectClass=posixGroup)');
+ filter => &group_filter());
 }
 ($what) = $rv->all_entries;
diff --git a/ldap-useradmin/save_group.cgi b/ldap-useradmin/save_group.cgi
index 86b1aef54..29034579b 100755
--- a/ldap-useradmin/save_group.cgi
+++ b/ldap-useradmin/save_group.cgi
@@ -13,7 +13,7 @@ if (!$in{'new'}) {
 # Get existing group
 $rv = $ldap->search(base => $in{'dn'},
 scope => 'base',
- filter => '(&(objectClass=posixGroup))');
+ filter => &group_filter());
 ($ginfo) = $rv->all_entries;
 $ginfo || &error($text{'gsave_egone'});
 $olddesc = $ginfo->get_value('description');
diff --git a/ldap-useradmin/save_user.cgi b/ldap-useradmin/save_user.cgi
index 2d93cc233..239ace62c 100755
--- a/ldap-useradmin/save_user.cgi
+++ b/ldap-useradmin/save_user.cgi
@@ -12,7 +12,7 @@ if (!$in{'new'}) {
 # Get existing user
 $rv = $ldap->search(base => $in{'dn'},
 scope => 'base',
- filter => '(&(objectClass=posixAccount))');
+ filter => &user_filter());
 ($uinfo) = $rv->all_entries;
 $uinfo || &error($text{'usave_egone'});
 %ouser = &dn_to_hash($uinfo);
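Review bot: `user_filter` and `group_filter` splice `$config{'user_filter'}` / `$config{'group_filter'}` into the filter verbatim and always wrap the value in one pair of parentheses, so only a bare `attribute=value` produces a well-formed result. A value that is already parenthesised, carries surrounding whitespace, or has unbalanced parentheses yields a filter that either fails to parse or no longer has the `(&(objectClass=...)(...))` shape that callers rely on when they concatenate further terms. Because this string now scopes every user and group search in the module, it is worth normalising once here: trim the value, wrap it only when needed with `$extra = "($extra)" if ($extra !~ /^\(/);`, and reject values whose parentheses do not balance. The header comments could also state the contract, for example `# Returns a complete, parenthesised LDAP filter that can be embedded in (&...)`.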
@@ -63,7 +63,7 @@ elsif ($in{'delete'}) {
 print "$text{'udel_groups'}
\n";
 $base = &get_group_base();
 $rv = $ldap->search(base => $base,
- filter => '(&(objectClass=posixGroup))');
+ filter => &group_filter());
 foreach $g ($rv->all_entries) {
 local @mems = $g->get_value("memberUid");
 local $idx = &indexof($user, @mems);
@@ -617,7 +617,7 @@ else {
 }
 $base = &get_group_base();
 $rv = $ldap->search(base => $base,
- filter => '(&(objectClass=posixGroup))');
+ filter => &group_filter());
 foreach $g ($rv->all_entries) {
 local @mems = $g->get_value("memberUid");
 local $gname = $g->get_value("cn");
@@ -663,7 +663,7 @@ else {
 # Get the updated user object
 $rv = $ldap->search(base => $newdn,
 scope => 'base',
- filter => '(&(objectClass=posixAccount))');
+ filter => &user_filter());
 ($uinfo) = $rv->all_entries;
 %user = &dn_to_hash($uinfo);
diff --git a/ldap-useradmin/search_group.cgi b/ldap-useradmin/search_group.cgi
index cbc942995..1eb3a343e 100755
--- a/ldap-useradmin/search_group.cgi
+++ b/ldap-useradmin/search_group.cgi
@@ -22,7 +22,7 @@ elsif ($in{'match'} == 3) {
 $search = "(!($in{'field'}=*$in{'what'}*))";
 }
 $rv = $ldap->search(base => $base,
- filter => "(&(objectClass=posixGroup)$search)");
+ filter => "(&".&group_filter().$search.")");
 if ($rv->code) {
 &error(&text('search_err', "$search", "$base", $rv->error));
diff --git a/ldap-useradmin/search_user.cgi b/ldap-useradmin/search_user.cgi
index 088c414ac..7f72fb57c 100755
--- a/ldap-useradmin/search_user.cgi
+++ b/ldap-useradmin/search_user.cgi
@@ -22,7 +22,7 @@ elsif ($in{'match'} == 3) {
 $search = "(!($in{'field'}=*$in{'what'}*))";
 }
 $rv = $ldap->search(base => $base,
- filter => "(&(objectClass=posixAccount)$search)");
+ filter => "(&".&user_filter().$search.")");
 if ($rv->code) {
 &error(&text('search_err', "$search", "$base", $rv->error));
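Review bot: In search_group.cgi the new filter still concatenates `$search`, which the context line above builds as `"(!($in{'field'}=*$in{'what'}*))"` straight from request parameters with no escaping. Filter metacharacters in `what`, or anything other than an attribute name in `field`, therefore change the structure of the filter instead of being matched literally, and this combined filter is now also what applies the configured user/group restriction. The value should pass through `escape_filter_value()` from Net::LDAP::Util, and `field` should be checked against an attribute-name pattern such as `/^[A-Za-z][A-Za-z0-9;-]*$/` before `$search` is built. The assignments sit above the hunk, so only the last branch is visible here; search_user.cgi has the identical construction.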