deon/phpldapadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement LdapRule to limit user logins by objectclass.

Browse Source 
Now logins are allowed by any objectclass unless LDAP_LOGIN_OBJECTCLASS is defined, we should be an array of allowed objectClass (any match).
Improvement for #245
This commit is contained in:
Deon George
2024-01-08 12:54:58 +11:00
parent 18f9f1a9b3
commit ef355e8193
5 changed files with 149 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
config/ldap.php
View File

@@ -102,6 +102,16 @@ return [
],
*/
/*
* If 'login,attr' is used above such that phpLDAPadmin will search for your DN
* at login, you may restrict the search to a specific objectClasses. EG, set this
* to array('posixAccount') or array('inetOrgPerson',..), depending upon your
* setup.
*/
'login' => [
'objectclass' => explode(',',env('LDAP_LOGIN_OBJECTCLASS', 'posixAccount')), // Objectclass that users must contain to login
],
/*
|--------------------------------------------------------------------------
| Custom Date Format