Merge branch 'rel-10_0' into rel-10_1
Sven committed Sep 18, 2023
2 parents 4c96c3e + 15fd728 commit 063cdbe
Showing 1 changed file with 58 additions and 0 deletions.
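--- a/Kernel/System/Auth/Sync/LDAP.pm
+++ b/Kernel/System/Auth/Sync/LDAP.pm
@@ -231,6 +231,64 @@ sub Sync {
 return;
 }
 
+# check if user need to be in a group!
+if ( $Self->{AccessAttr} && $Self->{GroupDN} ) {
+
+# just in case for debug
+if ( $Self->{Debug} > 0 ) {
+$Kernel::OM->Get('Kernel::System::Log')->Log(
+Priority => 'notice',
+Message => 'check for groupdn!',
+);
+}
+
+# search if we're allowed to
+my $Filter2 = '';
+if ( $Self->{UserAttr} eq 'DN' ) {
+$Filter2 = "($Self->{AccessAttr}=" . escape_filter_value($UserDN) . ')';
+}
+else {
+$Filter2 = "($Self->{AccessAttr}=" . escape_filter_value( $Param{User} ) . ')';
+}
+my $Result2 = $LDAP->search(
+base => $Self->{GroupDN},
+filter => $Filter2,
+attrs => ['1.1'],
+);
+if ( $Result2->code() ) {
+$Kernel::OM->Get('Kernel::System::Log')->Log(
+Priority => 'error',
+Message => "Search failed! base='$Self->{GroupDN}', filter='$Filter2', "
+. $Result2->error(),
+);
+
+# take down session
+$LDAP->unbind();
+return;
+}
+
+# extract it
+my $GroupDN = '';
+for my $Entry ( $Result2->all_entries() ) {
+$GroupDN = $Entry->dn();
+}
+
+# log if there is no LDAP entry
+if ( !$GroupDN ) {
+
+# failed login note
+$Kernel::OM->Get('Kernel::System::Log')->Log(
+Priority => 'notice',
+Message => "User: $Param{User} synchronitation failed, no LDAP group entry found"
+. "GroupDN='$Self->{GroupDN}', Filter='$Filter2'! (REMOTE_ADDR: $RemoteAddr).",
+);
+
+# take down session
+$LDAP->unbind();
+return;
+}
+}
+
 # get needed objects
 my $UserObject = $Kernel::OM->Get('Kernel::System::User');
 my $ConfigObject = $Kernel::OM->Get('Kernel::Config');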
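Review bot: The failure notice at the end of the added block joins `... no LDAP group entry found` directly to `GroupDN='...'` with no separator and misspells "synchronization", which makes the one log line an operator would search for after a denied sync harder to match; I would write it as `Message => "User: $Param{User} synchronization failed, no LDAP group entry found! GroupDN='$Self->{GroupDN}', Filter='$Filter2' (REMOTE_ADDR: $RemoteAddr).",`. `$Param{User}` is interpolated into that message as-is while the same value is passed through `escape_filter_value` for the filter, so stripping control characters before logging would keep a crafted login name from breaking up or forging log lines. The `$LDAP->search` call gives no `scope`, so Net::LDAP's default subtree scope applies and any entry below `GroupDN` that matches the filter satisfies the check; if `GroupDN` is meant to name the group entry itself, adding `scope => 'base',` would pin the match to that entry. `$RemoteAddr` is not declared in the visible lines, and `Sync` starts and ends outside the hunk, so confirm the variable is in scope here and that the caller treats the bare `return;` as a denied sync rather than leaving previously synchronized groups in place.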
