Implement LdapRule to limit user logins by objectclass.
Now logins are allowed by any objectclass unless LDAP_LOGIN_OBJECTCLASS is defined, we should be an array of allowed objectClass (any match). Improvement for #245
This commit is contained in:
27
app/Ldap/Rules/LoginObjectclassRule.php
Normal file
27
app/Ldap/Rules/LoginObjectclassRule.php
Normal file
@@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
namespace App\Ldap\Rules;
|
||||
|
||||
use Illuminate\Database\Eloquent\Model as Eloquent;
|
||||
use LdapRecord\Laravel\Auth\Rule;
|
||||
use LdapRecord\Models\Model as LdapRecord;
|
||||
|
||||
/**
|
||||
* User must have this objectClass to login
|
||||
*
|
||||
* This is overridden by LDAP_LOGIN_OBJECTCLASS
|
||||
* @see User::$objectClasses
|
||||
*/
|
||||
class LoginObjectclassRule implements Rule
|
||||
{
|
||||
public function passes(LdapRecord $user, Eloquent $model = null): bool
|
||||
{
|
||||
if ($x=config('ldap.login.objectclass')) {
|
||||
return count(array_intersect($user->objectclass,$x));
|
||||
|
||||
// Otherwise allow the user to login
|
||||
} else {
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user