From aaa6b065cc9a0543203164b29a8ae9f4716e9ffb Mon Sep 17 00:00:00 2001
From: Luca
Date: Thu, 12 Jan 2023 11:02:48 +0100
Subject: [PATCH] Add dn filter support

Support has been added in both user and group searches
---
 server/src/domain/ldap/group.rs | 16 +++++++++++++++-
 server/src/domain/ldap/user.rs | 18 +++++++++++++++++-
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/server/src/domain/ldap/group.rs b/server/src/domain/ldap/group.rs
index 2ab5b64..4df4ec4 100644
--- a/server/src/domain/ldap/group.rs
+++ b/server/src/domain/ldap/group.rs
@@ -12,7 +12,8 @@ use crate::domain::{
 use super::{
 error::LdapResult,
 utils::{
- expand_attribute_wildcards, get_user_id_from_distinguished_name, map_group_field, LdapInfo,
+ expand_attribute_wildcards, get_group_id_from_distinguished_name,
+ get_user_id_from_distinguished_name, map_group_field, LdapInfo,
 },
 };
@@ -126,6 +127,19 @@ fn convert_group_filter(
 vec![],
 )))),
 },
+ "dn" => Ok(
+ match get_group_id_from_distinguished_name(
+ value.to_ascii_lowercase().as_str(),
+ &ldap_info.base_dn,
+ &ldap_info.base_dn_str,
+ ) {
+ Ok(value) => GroupRequestFilter::DisplayName(value),
+ Err(_) => {
+ warn!("Invalid dn filter on user: {}", value);
+ GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(vec![])))
+ }
+ },
+ ),
 _ => match map_group_field(field) {
 Some(GroupColumn::DisplayName) => {
 Ok(GroupRequestFilter::DisplayName(value.to_string()))
diff --git a/server/src/domain/ldap/user.rs b/server/src/domain/ldap/user.rs
index 6903aa4..20b06c9 100644
--- a/server/src/domain/ldap/user.rs
+++ b/server/src/domain/ldap/user.rs
@@ -6,7 +6,10 @@ use tracing::{debug, info, instrument, warn};
 use crate::domain::{
 handler::{BackendHandler, UserRequestFilter},
- ldap::{error::LdapError, utils::expand_attribute_wildcards},
+ ldap::{
+ error::LdapError,
+ utils::{expand_attribute_wildcards, get_user_id_from_distinguished_name},
+ },
 types::{GroupDetails, User, UserColumn, UserId},
 };
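Review bot: In the `"dn"` arm of `convert_group_filter`, the group name passed to `GroupRequestFilter::DisplayName` is parsed from `value.to_ascii_lowercase()`, so a group stored as `Admins` would be looked up as `admins`. Unless the backend compares display names case-insensitively (not visible in this hunk), a correct DN for a mixed-case group silently matches nothing; either confirm and comment that the comparison is case-insensitive, or keep the original case of the name component. The `Err(_)` arm also logs "on user" in the group path and prints the client-supplied filter value with `{}`. `warn!("Invalid dn filter on group: {:?}", value);` fixes the label and escapes control characters before they reach the log, and the same `{:?}` change applies to the `warn!` in the `convert_user_filter` hunk. The body of `convert_group_filter` starts and ends outside the hunk.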
@@ -147,6 +150,19 @@ fn convert_user_filter(ldap_info: &LdapInfo, filter: &LdapFilter) -> LdapResult<
 vec![],
 )))),
 },
+ "dn" => Ok(
+ match get_user_id_from_distinguished_name(
+ value.to_ascii_lowercase().as_str(),
+ &ldap_info.base_dn,
+ &ldap_info.base_dn_str,
+ ) {
+ Ok(value) => UserRequestFilter::UserId(value),
+ Err(_) => {
+ warn!("Invalid dn filter on user: {}", value);
+ UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![])))
+ }
+ },
+ ),
 _ => match map_user_field(field) {
 Some(UserColumn::UserId) => Ok(UserRequestFilter::UserId(UserId::new(value))),
 Some(field) => Ok(UserRequestFilter::Equality(field, value.clone())),
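Review bot: The fallback `UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![])))` in the `Err(_)` arm of the `"dn"` filter needs a comment, because its fail-closed intent is not obvious from the expression. Presumably an empty `And` matches every user, so its negation matches none and an unparsable DN yields an empty result instead of an error; a line such as `// Not(And([])) matches no entry: an invalid dn returns nothing rather than failing the search.` would record that. Binding the parsed id as `Ok(user_id)` rather than `Ok(value)` would also avoid shadowing the filter `value` that the `Err` arm logs. The discarded parse error could be added to the warning to help triage rejected filters. `convert_user_filter` starts and ends outside the hunk.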