Add LDAP user_filter and group_filter config settings

[thomas-pike]

If users and groups are in the same subtree in LDAP, very confusing things can happen (eg. lines 44-52 of views/server.php will find a "user" that is actually a group when trying to add a group as an admin of a server).

If we add some optional user_query and group_query attributes to filter them separately then we can avoid this problem and support a greater variety of LDAP structures.

[thomas-pike]

Perhaps user_filter and group_filter would be better names.

[thomas-pike]

group_filter isn't actually needed, since we never directly fetch groups (instead fetching them from the user's group_member attribute).

[thomas-pike]

group_filter isn't actually needed, since we never directly fetch groups (instead fetching them from the user's group_member attribute).

This is not entirely true. Although we do fetch based on the member attribute, we do still fetch from groups. While it shouldn't be necessary, it would be good to add it for safety anyway.

[wastez]

Now i get everywhere access denied.

[wastez]

Forget it. Sorry.

[wastez]

Ok, i get everywhere access denied right now if a user filter is set.

[thomas-pike]

Is your user filter correct? If it doesn't match any users that would be likely to cause all users to be deactivated.

[wastez]

Ok with user_filter = "(objectClass=user)" it is working.

[wastez]

Thank you very much ;)

[wastez]

And the other problem at first login?

[thomas-pike]

Ok, glad we finally got that sorted :) Now just to fix that last bug...

[wastez]

Really great, thanks for spending your time.