phpldapadmin/app/Ldap/Rules/LoginObjectclassRule.php

<?php

namespace App\Ldap\Rules;

use Illuminate\Database\Eloquent\Model as Eloquent;
use LdapRecord\Laravel\Auth\Rule;
use LdapRecord\Models\Model as LdapRecord;

/**
 * User must have this objectClass to login
 *
 * This is overridden by LDAP_LOGIN_OBJECTCLASS
 * @see User::$objectClasses
 */
class LoginObjectclassRule implements Rule
{
    public function passes(LdapRecord $user, Eloquent $model = null): bool
    {
		if ($x=config('ldap.login.objectclass')) {
			return count(array_intersect($user->objectclass,$x));

		// Otherwise allow the user to login
		} else {
			return TRUE;
		}
    }
}
Implement LdapRule to limit user logins by objectclass. Now logins are allowed by any objectclass unless LDAP_LOGIN_OBJECTCLASS is defined, we should be an array of allowed objectClass (any match). Improvement for #245 2024-01-08 01:54:58 +00:00			`<?php`

			`namespace App\Ldap\Rules;`

			`use Illuminate\Database\Eloquent\Model as Eloquent;`
			`use LdapRecord\Laravel\Auth\Rule;`
			`use LdapRecord\Models\Model as LdapRecord;`

			`/**`
			`* User must have this objectClass to login`
			`*`
			`* This is overridden by LDAP_LOGIN_OBJECTCLASS`
			`* @see User::$objectClasses`
			`*/`
			`class LoginObjectclassRule implements Rule`
			`{`
			`public function passes(LdapRecord $user, Eloquent $model = null): bool`
			`{`
			`if ($x=config('ldap.login.objectclass')) {`
			`return count(array_intersect($user->objectclass,$x));`

			`// Otherwise allow the user to login`
			`} else {`
			`return TRUE;`
			`}`
			`}`
			`}`