From c6e1640752ffeb95c107f6d771f1e8e313d63d79 Mon Sep 17 00:00:00 2001
From: Deon George <deon@dege.au>
Date: Sat, 24 May 2025 22:02:12 +1000
Subject: [PATCH] Fix for when the logged in user's details doesnt include an
 objectclass (because the query didnt have the ACLs to return them). This
 should help #330 but doesnt allow the user to login even if they have the
 right objectclasses, but the query didnt return them.

---
 app/Ldap/Rules/LoginObjectclassRule.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/Ldap/Rules/LoginObjectclassRule.php b/app/Ldap/Rules/LoginObjectclassRule.php
index 0b9c8037..b0dc0c20 100644
--- a/app/Ldap/Rules/LoginObjectclassRule.php
+++ b/app/Ldap/Rules/LoginObjectclassRule.php
@@ -17,7 +17,10 @@ class LoginObjectclassRule implements Rule
     public function passes(LdapRecord $user,?Eloquent $model=NULL): bool
     {
 		if ($x=config('pla.login.objectclass')) {
-			return count(array_intersect($user->objectclass,$x));
+			return count(array_intersect(
+				array_map('strtolower',$user?->objectclass ?: []),
+				array_map('strtolower',$x)
+			));
 
 		// Otherwise allow the user to login
 		} else {