Skip to content
This repository was archived by the owner on Jul 24, 2023. It is now read-only.

Commit 7e27250

Browse files
committed
Added limitation filter
1 parent 68412e8 commit 7e27250

File tree

2 files changed

+36
-1
lines changed

2 files changed

+36
-1
lines changed

src/Config/auth.php

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,20 @@
2121

2222
'username_attribute' => ['username' => 'samaccountname'],
2323

24+
/*
25+
|--------------------------------------------------------------------------
26+
| Limitation Filter
27+
|--------------------------------------------------------------------------
28+
|
29+
| The limitation filter allows you to enter a raw filter to only allow
30+
| specific users / groups / ous to authenticate.
31+
|
32+
| This should be a standard LDAP filter.
33+
|
34+
*/
35+
36+
'limitation_filter' => '',
37+
2438
/*
2539
|--------------------------------------------------------------------------
2640
| Login Fallback

src/Traits/ImportsUsers.php

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -207,7 +207,18 @@ protected function handleAttributeRetrieval(User $user, $field)
207207
*/
208208
protected function newAdldapUserQuery()
209209
{
210-
return Adldap::users()->search()->select($this->getSelectAttributes());
210+
/** @var \Adldap\Query\Builder $query */
211+
$query = Adldap::users()->search();
212+
213+
$filter = $this->getLimitationFilter();
214+
215+
if (!empty($filter)) {
216+
// If we're provided a login limitation filter,
217+
// we'll add it to the user query.
218+
$query->rawFilter($filter);
219+
}
220+
221+
return $query->select($this->getSelectAttributes());
211222
}
212223

213224
/**
@@ -262,4 +273,14 @@ protected function getSyncAttributes()
262273
{
263274
return Config::get('adldap_auth.sync_attributes', ['name' => ActiveDirectory::COMMON_NAME]);
264275
}
276+
277+
/**
278+
* Returns the configured login limitation filter.
279+
*
280+
* @return string|null
281+
*/
282+
protected function getLimitationFilter()
283+
{
284+
return Config::get('adldap_auth.limitation_filter');
285+
}
265286
}

0 commit comments

Comments
 (0)