Content
LDAP filter - select in LDAP, which Users may login
Added by Gustav Gans over 5 years ago
Hello,
i need a way to filter the LDAP authentification in OpenProject 7.4.7 on Debian 9.5. i have found this new task:
https://community.openproject.com/projects/openproject/work_packages/2290/activity
But there is no answer, its just new, since 2013…..
Edit: i have found in the vendor/bundle/ruby/2.4.0/gems/net-ldap-0.16.0/lib/net/ldap/connection.rb :
#--
# Alternate implementation, this yields each search entry to the caller as
# it are received.
#
# TODO: certain search parameters are hardcoded.
# TODO: if we mis-parse the server results or the results are wrong, we
# can block forever. That's because we keep reading results until we get a
# type-5 packet, which might never come. We need to support the time-limit
# in the protocol.
#++
def search(args = nil)
args ||= {}
# filtering, scoping, search base
# filter: https://tools.ietf.org/html/rfc4511#section-4.5.1.7
# base: https://tools.ietf.org/html/rfc4511#section-4.5.1.1
# scope: https://tools.ietf.org/html/rfc4511#section-4.5.1.2
filter = args[:filter] || Net::LDAP::Filter.eq("objectClass", "memberOf=cn=openproject,ou=Programme,ou=groups,dc=example,dc=org")
base = args[:base]
scope = args[:scope] || Net::LDAP::SearchScope_WholeSubtree
restart op, but that doesn’t change anything.