Commit 323af55b authored by Arthur Schiwon's avatar Arthur Schiwon

include AD primary group in user filter, if a group is selected. fixes #12190

parent 55142186
......@@ -850,13 +850,23 @@ class Wizard extends LDAPUtility {
}
$base = $this->configuration->ldapBase[0];
foreach($cns as $cn) {
$rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn'));
$rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
if(!$this->ldap->isResource($rr)) {
continue;
}
$er = $this->ldap->firstEntry($cr, $rr);
$attrs = $this->ldap->getAttributes($cr, $er);
$dn = $this->ldap->getDN($cr, $er);
$filter .= '(memberof=' . $dn . ')';
if(empty($dn)) {
continue;
}
$filterPart = '(memberof=' . $dn . ')';
if(isset($attrs['primaryGroupToken'])) {
$pgt = $attrs['primaryGroupToken'][0];
$primaryFilterPart = '(primaryGroupID=' . $pgt .')';
$filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
}
$filter .= $filterPart;
}
$filter .= ')';
}
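Review bot: The new `$filterPart` and `$primaryFilterPart` lines concatenate `$dn` and `$pgt` into the user filter without filter escaping, and the changed search line still builds `'cn=' . $cn` the same way. A group CN or DN can legitimately contain `(`, `)`, `*` or `\`, which would break the resulting filter or change what it matches, so these values should be escaped as filter assertion values, e.g. `$filterPart = '(memberof=' . ldap_escape($dn, '', LDAP_ESCAPE_FILTER) . ')';` where the supported PHP versions provide `ldap_escape()`, or through the project's own filter-escaping helper if it has one. `$pgt` is expected to be an integer, so a `ctype_digit((string)$pgt)` check before it is used would be enough there. Separately, `getAttributes()` is now called on `$er` before anything confirms that `firstEntry()` returned an entry; a guard such as `if(!$this->ldap->isResource($er)) { continue; }` ahead of it would cover an empty result. The enclosing method starts and ends outside the hunk, so where `$cns` originates is not visible here.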
......