Add dn filter support

Support has been added in both user and group searches
2023-04-12 14:25:13 +00:00 · 2023-01-12 11:02:48 +01:00 · 2023-01-12 11:02:48 +01:00 · aaa6b065cc
commit aaa6b065cc
parent f979e16b95
2 changed files with 32 additions and 2 deletions
--- a/server/src/domain/ldap/group.rs
+++ b/server/src/domain/ldap/group.rs
@ -12,7 +12,8 @@ use crate::domain::{
 use super::{
    error::LdapResult,
    utils::{
-        expand_attribute_wildcards, get_user_id_from_distinguished_name, map_group_field, LdapInfo,
+        expand_attribute_wildcards, get_group_id_from_distinguished_name,
+        get_user_id_from_distinguished_name, map_group_field, LdapInfo,
    },
 };

@ -126,6 +127,19 @@ fn convert_group_filter(
                        vec![],
                    )))),
                },
+                "dn" => Ok(
+                    match get_group_id_from_distinguished_name(
+                        value.to_ascii_lowercase().as_str(),
+                        &ldap_info.base_dn,
+                        &ldap_info.base_dn_str,
+                    ) {
+                        Ok(value) => GroupRequestFilter::DisplayName(value),
+                        Err(_) => {
+                            warn!("Invalid dn filter on user: {}", value);
+                            GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(vec![])))
+                        }
+                    },
+                ),
                _ => match map_group_field(field) {
                    Some(GroupColumn::DisplayName) => {
                        Ok(GroupRequestFilter::DisplayName(value.to_string()))
--- a/server/src/domain/ldap/user.rs
+++ b/server/src/domain/ldap/user.rs
@ -6,7 +6,10 @@ use tracing::{debug, info, instrument, warn};

 use crate::domain::{
    handler::{BackendHandler, UserRequestFilter},
-    ldap::{error::LdapError, utils::expand_attribute_wildcards},
+    ldap::{
+        error::LdapError,
+        utils::{expand_attribute_wildcards, get_user_id_from_distinguished_name},
+    },
    types::{GroupDetails, User, UserColumn, UserId},
 };

@ -147,6 +150,19 @@ fn convert_user_filter(ldap_info: &LdapInfo, filter: &LdapFilter) -> LdapResult<
                        vec![],
                    )))),
                },
+                "dn" => Ok(
+                    match get_user_id_from_distinguished_name(
+                        value.to_ascii_lowercase().as_str(),
+                        &ldap_info.base_dn,
+                        &ldap_info.base_dn_str,
+                    ) {
+                        Ok(value) => UserRequestFilter::UserId(value),
+                        Err(_) => {
+                            warn!("Invalid dn filter on user: {}", value);
+                            UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![])))
+                        }
+                    },
+                ),
                _ => match map_user_field(field) {
                    Some(UserColumn::UserId) => Ok(UserRequestFilter::UserId(UserId::new(value))),
                    Some(field) => Ok(UserRequestFilter::Equality(field, value.clone())),