From d0c02b91c04af891760f7b16e7c1c5df3d61db12 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Tue, 17 Jun 2025 21:20:45 +1000
Subject: [PATCH] Re-implement LDAP_BASE_DN to limit what is shown in the tree, and what PLA uses internally to search the server. Fixes #342
---
 app/Classes/LDAP/Server.php | 9 +++++----
 config/pla.php | 11 +++++++++++
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/app/Classes/LDAP/Server.php b/app/Classes/LDAP/Server.php
index cbbfa4eb..d24386e0 100644
--- a/app/Classes/LDAP/Server.php
+++ b/app/Classes/LDAP/Server.php
@@ -69,7 +69,7 @@ final class Server
 public static function baseDNs(bool $objects=TRUE): Collection
 {
 try {
- $rootdse = self::rootDSE();
+ $namingcontexts = collect(config('pla.base_dns') ?: self::rootDSE()?->namingcontexts);
 /**
 * LDAP Error Codes:
@@ -175,13 +175,13 @@ final class Server
 }
 if (! $objects)
- return collect($rootdse->namingcontexts ?: []);
+ return $namingcontexts;
- return Cache::remember('basedns'.Session::id(),config('ldap.cache.time'),function() use ($rootdse) {
+ return Cache::remember('basedns'.Session::id(),config('ldap.cache.time'),function() use ($namingcontexts) {
 $result = collect();
 // @note: Incase our rootDSE didnt return a namingcontext, we'll have no base DNs
- foreach (($rootdse->namingcontexts ?: []) as $dn)
+ foreach ($namingcontexts as $dn)
 $result->push(self::get($dn)->read()->find($dn));
 return $result->filter()->sort(fn($item)=>$item->sort_key);
@@ -298,6 +298,7 @@ final class Server
 *
 * @param string $key
 * @return int|bool
+ * @throws InvalidUsage
 */
 public function get_attr_id(string $key): int|bool
 {
diff --git a/config/pla.php b/config/pla.php
index bbb09f75..0aaf11d7 100644
--- a/config/pla.php
+++ b/config/pla.php
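Review bot: In the first Server.php hunk, once `pla.base_dns` is set the `?:` short-circuits and `self::rootDSE()` is never called inside this `try`, so the LDAP error handling that follows it (outside the hunk, not visible here) presumably no longer sees a connection or bind failure at this point. The first contact with the server then moves to `self::get($dn)->read()->find($dn)` in the cache closure of the second hunk. I would record that on the new line with a comment such as `// With pla.base_dns set the rootDSE is not queried here; connection errors surface on the first entry read instead`, and confirm that the later read has equivalent error handling. baseDNs() starts in this hunk and ends outside it.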
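Review bot: In the `Cache::remember` closure of the second Server.php hunk, a configured base DN that does not resolve appears to vanish without trace, because each `find($dn)` result is pushed and then passed through `$result->filter()`; a mistyped or unreadable `LDAP_BASE_DN` entry would just produce a smaller or empty tree. Until now the list always came from the server's own namingcontexts, so this failure mode is new; a log line would make it diagnosable, for example `if (! ($o=self::get($dn)->read()->find($dn))) Log::warning('Configured base DN not found: '.$dn);` followed by `$result->push($o);` (the Log facade must be imported if the file does not already do so). The `@note` comment above the loop still names only the rootDSE and should mention the configured list as well. The cache key `'basedns'.Session::id()` also does not vary with the configured list, so a changed setting is only picked up once the cached entry expires. The closure belongs to baseDNs(), whose start is in the first hunk and whose end is outside this one.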
@@ -43,6 +43,17 @@ return [
 'allow_guest' => env('LDAP_ALLOW_GUEST',FALSE),
+ /*
+ |--------------------------------------------------------------------------
+ | Base DNs
+ |--------------------------------------------------------------------------
+ |
+ | Normally PLA will get the base DNs from the rootDSE's namingcontexts
+ | entry. Instead of using that, you can define your own base DNs to use.
+ |
+ */
+ 'base_dns' => ($x=env('LDAP_BASE_DN', NULL)) ? explode(',',$x) : NULL,
+
 /*
 |--------------------------------------------------------------------------
 | Custom Date Format
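Review bot: The added `'base_dns'` line splits `LDAP_BASE_DN` with `explode(',',$x)`, but a comma is also the RDN separator inside a DN, so a value such as `dc=example,dc=com` (constructed example) becomes the two entries `dc=example` and `dc=com` instead of one base DN. A separator that cannot appear unescaped in an RFC 4514 DN string avoids this, for example `'base_dns' => ($x=env('LDAP_BASE_DN')) ? array_values(array_filter(array_map('trim',explode(';',$x)))) : NULL,`. The comment block should also name the environment variable and its list format. It should further state that this setting only selects which bases PLA displays and searches from: nothing visible in this patch turns it into an access control, so the directory's own ACLs still have to enforce what a bound user may read.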