Module config options for additional object classes

ldap-useradmin/CHANGELOG

@@ -73,3 +73,5 @@ Modifying a user now correctly changes the sn attribute too.
 Added a field for editing the description for LDAP groups.
 ---- Changes since 1.510 ----
 The list of groups now includes descriptions, if any are set.
+---- Changes since 1.520 ----
+Added Module Config options for additional LDAP filters to find users and groups, in addition to the posixAccount / posixGroup object class filters.

ldap-useradmin/batch_exec.cgi

@@ -242,7 +242,7 @@ LINE: foreach $line (split(/[\r\n]+/, $data)) {
 		$newdn = "uid=$user{'user'},$base";
 		$rv = $ldap->search(base => $newdn,
 				    scope => 'base',
-				    filter => '(&(objectClass=posixAccount))');
+				    filter => &user_filter());
 		($uinfo) = $rv->all_entries;
 		%user = &dn_to_hash($uinfo);
 

ldap-useradmin/config.info

@@ -23,6 +23,8 @@ group_fields=Extra LDAP group properties to allow editing of<br>(In <i>fieldname
 multi_fields=Allow multiple values for extra properties?,1,1-Yes,0-No
 noclash=Attributes for which duplicates are disallowed,0
 person=Give all Unix users the <tt>person</tt> object class?,1,1-Yes,0-No
+user_filter=Additional LDAP filter for users,3,None,,,,Attribute=value
+group_filter=Additional LDAP filter for groups,3,None,,,,Attribute=value
 
 line5=Home directory options,11
 homedir_perms=Permissions on new home directories,3,From Users and Groups module

ldap-useradmin/edit_group.cgi

@@ -12,7 +12,7 @@ if ($in{'new'}) {
 else {
 	$rv = $ldap->search(base => $in{'dn'},
 			    scope => 'base',
-			    filter => '(objectClass=posixGroup)');
+			    filter => &group_filter());
 	($ginfo) = $rv->all_entries;
 	$group = $ginfo->get_value('cn');
 	$gid = $ginfo->get_value('gidNumber');

ldap-useradmin/edit_user.cgi

@@ -36,7 +36,7 @@ else {
 	# Get values from current user
 	$rv = $ldap->search(base => $in{'dn'},
 			    scope => 'base',
-			    filter => '(objectClass=posixAccount)');
+			    filter => &user_filter());
 	($uinfo) = $rv->all_entries;
 	@users = $uinfo->get_value('uid');
 	$user = $users[0];
@@ -279,7 +279,7 @@ if ($config{'secmode'} != 1) {
 	@defsecs = &split_quoted_string($mconfig{'default_secs'});
 	$base = &get_group_base();
 	$rv = $ldap->search(base => $base,
-			    filter => '(objectClass=posixGroup)');
+			    filter => &group_filter());
 	%ingroups = ( );
 	foreach $g (sort { lc($a->dn()) cmp lc($b->dn()) } $rv->all_entries) {
 		$group = $g->get_value("cn");

ldap-useradmin/index.cgi

@@ -101,12 +101,12 @@ elsif ($config{'md5'} == 3 || $config{'md5'} == 4) {
 # Count the number of users and groups
 $base = &get_user_base();
 $rv = $ldap->search(base => $base,
-		    filter => '(objectClass=posixAccount)',
+		    filter => &user_filter(),
 		    sizelimit => $mconfig{'display_max'}+1);
 $ucount = $rv->count;
 $base = &get_group_base();
 $rv = $ldap->search(base => $base,
-		    filter => '(objectClass=posixGroup)',
+		    filter => &group_filter(),
 		    sizelimit => $mconfig{'display_max'}+1);
 $gcount = $rv->count;
 

ldap-useradmin/ldap-useradmin-lib.pl

@@ -173,7 +173,7 @@ if (!defined(@list_users_cache)) {
 	local $ldap = &ldap_connect();
 	local $base = &get_user_base();
 	local $rv = $ldap->search(base => $base,
-			    filter => '(objectClass=posixAccount)');
+				  filter => &user_filter());
 	local $u;
 	foreach $u ($rv->all_entries) {
 		local %uinfo = &dn_to_hash($u);
@@ -292,7 +292,7 @@ if (!defined(@list_groups_cache)) {
 	local $ldap = &ldap_connect();
 	local $base = &get_group_base();
 	local $rv = $ldap->search(base => $base,
-			    filter => '(objectClass=posixGroup)');
+				  filter => &group_filter());
 	local $g;
 	foreach $g ($rv->all_entries) {
 		local %ginfo = &dn_to_hash($g);
@@ -1070,7 +1070,8 @@ if ($new) {
 			# Find existing group with the same GID
 			local $base = &get_group_base();
 			local $rv = $ldap->search(base => $base,
-			    filter => "(&(objectClass=posixGroup)(gidNumber=$user->{'gid'}))");
+			    filter => "(&".&group_filter().
+				      "(gidNumber=$user->{'gid'}))");
 			local ($ginfo) = $rv->all_entries;
 			if ($ginfo && $ginfo->get_value("sambaSID")) {
 				# We can get the SID from the actual group
@@ -1199,5 +1200,27 @@ for(my $i=0; $i<@$props; $i++) {
 return undef;
 }
 
+# user_filter()
+# Returns an LDAP filter expression to find users
+sub user_filter
+{
+my $rv = "(objectClass=posixAccount)";
+if ($config{'user_filter'}) {
+	$rv = "(&".$rv."(".$config{'user_filter'}."))";
+	}
+return $rv;
+}
+
+# group_filter()
+# Returns an LDAP filter expression to find groups
+sub group_filter
+{
+my $rv = "(objectClass=posixGroup)";
+if ($config{'group_filter'}) {
+	$rv = "(&".$rv."(".$config{'group_filter'}."))";
+	}
+return $rv;
+}
+
 1;
 

ldap-useradmin/raw.cgi

@@ -8,12 +8,12 @@ $schema = $ldap->schema();
 if ($in{'user'}) {
 	$rv = $ldap->search(base => $in{'dn'},
 			    scope => 'base',
-			    filter => '(objectClass=posixAccount)');
+			    filter => &user_filter());
 	}
 else {
 	$rv = $ldap->search(base => $in{'dn'},
 			    scope => 'base',
-			    filter => '(objectClass=posixGroup)');
+			    filter => &group_filter());
 	}
 ($what) = $rv->all_entries;
 

ldap-useradmin/save_group.cgi

@@ -13,7 +13,7 @@ if (!$in{'new'}) {
 	# Get existing group
 	$rv = $ldap->search(base => $in{'dn'},
 			    scope => 'base',
-			    filter => '(&(objectClass=posixGroup))');
+			    filter => &group_filter());
 	($ginfo) = $rv->all_entries;
 	$ginfo || &error($text{'gsave_egone'});
 	$olddesc = $ginfo->get_value('description');

ldap-useradmin/save_user.cgi

@@ -12,7 +12,7 @@ if (!$in{'new'}) {
 	# Get existing user
 	$rv = $ldap->search(base => $in{'dn'},
 			    scope => 'base',
-			    filter => '(&(objectClass=posixAccount))');
+			    filter => &user_filter());
 	($uinfo) = $rv->all_entries;
 	$uinfo || &error($text{'usave_egone'});
 	%ouser = &dn_to_hash($uinfo);
@@ -63,7 +63,7 @@ elsif ($in{'delete'}) {
 		print "$text{'udel_groups'}<br>\n";
 		$base = &get_group_base();
 		$rv = $ldap->search(base => $base,
-				    filter => '(&(objectClass=posixGroup))');
+				    filter => &group_filter());
 		foreach $g ($rv->all_entries) {
 			local @mems = $g->get_value("memberUid");
 			local $idx = &indexof($user, @mems);
@@ -617,7 +617,7 @@ else {
 			}
 		$base = &get_group_base();
 		$rv = $ldap->search(base => $base,
-				    filter => '(&(objectClass=posixGroup))');
+				    filter => &group_filter());
 		foreach $g ($rv->all_entries) {
 			local @mems = $g->get_value("memberUid");
 			local $gname = $g->get_value("cn");
@@ -663,7 +663,7 @@ else {
 	# Get the updated user object
 	$rv = $ldap->search(base => $newdn,
 			    scope => 'base',
-			    filter => '(&(objectClass=posixAccount))');
+			    filter => &user_filter());
 	($uinfo) = $rv->all_entries;
 	%user = &dn_to_hash($uinfo);
 

ldap-useradmin/search_group.cgi

@@ -22,7 +22,7 @@ elsif ($in{'match'} == 3) {
 	$search = "(!($in{'field'}=*$in{'what'}*))";
 	}
 $rv = $ldap->search(base => $base,
-		    filter => "(&(objectClass=posixGroup)$search)");
+		    filter => "(&".&group_filter().$search.")");
 if ($rv->code) {
 	&error(&text('search_err', "<tt>$search</tt>",
 		     "<tt>$base</tt>", $rv->error));

ldap-useradmin/search_user.cgi

@@ -22,7 +22,7 @@ elsif ($in{'match'} == 3) {
 	$search = "(!($in{'field'}=*$in{'what'}*))";
 	}
 $rv = $ldap->search(base => $base,
-		    filter => "(&(objectClass=posixAccount)$search)");
+		    filter => "(&".&user_filter().$search.")");
 if ($rv->code) {
 	&error(&text('search_err', "<tt>$search</tt>",
 		     "<tt>$base</tt>", $rv->error));