From 7e62cc6eda5f284509e9e3e1d2e2354099596d4a Mon Sep 17 00:00:00 2001 From: Valentin Tolmer Date: Sun, 29 May 2022 17:41:37 +0200 Subject: [PATCH] ldap: handle "present" filters for groups --- server/src/infra/ldap_handler.rs | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/server/src/infra/ldap_handler.rs b/server/src/infra/ldap_handler.rs index bbf2e81..9daed83 100644 --- a/server/src/infra/ldap_handler.rs +++ b/server/src/infra/ldap_handler.rs @@ -724,6 +724,15 @@ impl LdapHandler Ok(GroupRequestFilter::Not(Box::new( self.convert_group_filter(&*filter)?, ))), + LdapFilter::Present(field) => { + if ALL_GROUP_ATTRIBUTE_KEYS.contains(&field.to_lowercase().as_str()) { + Ok(GroupRequestFilter::And(vec![])) + } else { + Ok(GroupRequestFilter::Not(Box::new(GroupRequestFilter::And( + vec![], + )))) + } + } _ => bail!("Unsupported group filter: {:?}", filter), } } @@ -1304,6 +1313,11 @@ mod tests { GroupRequestFilter::Member(UserId::new("bob")), GroupRequestFilter::And(vec![]), GroupRequestFilter::And(vec![]), + GroupRequestFilter::And(vec![]), + GroupRequestFilter::And(vec![]), + GroupRequestFilter::Not(Box::new(GroupRequestFilter::Not(Box::new( + GroupRequestFilter::And(vec![]), + )))), ])))) .times(1) .return_once(|_| { @@ -1324,6 +1338,11 @@ mod tests { ), LdapFilter::Equality("objectclass".to_string(), "groupOfUniqueNames".to_string()), LdapFilter::Equality("objectclass".to_string(), "groupOfNames".to_string()), + LdapFilter::Present("objectclass".to_string()), + LdapFilter::Present("dn".to_string()), + LdapFilter::Not(Box::new(LdapFilter::Present( + "random_attribute".to_string(), + ))), ]), vec!["1.1"], );