server: Add support for the custom LDAP object classes in LDAP filters

2024-02-06 22:23:10 +01:00
parent 646fe32645
commit 4955b7fac1
3 changed files with 62 additions and 10 deletions
--- a/server/src/domain/ldap/group.rs
+++ b/server/src/domain/ldap/group.rs
@@ -9,7 +9,7 @@ use crate::domain::{
    handler::{GroupListerBackendHandler, GroupRequestFilter},
    ldap::error::LdapError,
    schema::{PublicSchema, SchemaGroupAttributeExtractor},
-    types::{AttributeName, AttributeType, Group, UserId, Uuid},
+    types::{AttributeName, AttributeType, Group, LdapObjectClass, UserId, Uuid},
 };

 use super::{
@@ -177,10 +177,13 @@ fn convert_group_filter(
                    )?;
                    Ok(GroupRequestFilter::Member(user_name))
                }
-                GroupFieldType::ObjectClass => Ok(GroupRequestFilter::from(matches!(
-                    value.as_str(),
-                    "groupofuniquenames" | "groupofnames"
-                ))),
+                GroupFieldType::ObjectClass => Ok(GroupRequestFilter::from(
+                    matches!(value.as_str(), "groupofuniquenames" | "groupofnames")
+                        || schema
+                            .get_schema()
+                            .extra_group_object_classes
+                            .contains(&LdapObjectClass::from(value)),
+                )),
                GroupFieldType::Dn | GroupFieldType::EntryDn => {
                    Ok(get_group_id_from_distinguished_name(
                        value.as_str(),
--- a/server/src/domain/ldap/user.rs
+++ b/server/src/domain/ldap/user.rs
@@ -15,7 +15,10 @@ use crate::domain::{
        },
    },
    schema::{PublicSchema, SchemaUserAttributeExtractor},
-    types::{AttributeName, AttributeType, GroupDetails, User, UserAndGroups, UserColumn, UserId},
+    types::{
+        AttributeName, AttributeType, GroupDetails, LdapObjectClass, User, UserAndGroups,
+        UserColumn, UserId,
+    },
 };

 pub fn get_user_attribute(
@@ -206,10 +209,15 @@ fn convert_user_filter(
                    }
                    Ok(UserRequestFilter::from(false))
                }
-                UserFieldType::ObjectClass => Ok(UserRequestFilter::from(matches!(
-                    value.as_str(),
-                    "person" | "inetorgperson" | "posixaccount" | "mailaccount"
-                ))),
+                UserFieldType::ObjectClass => Ok(UserRequestFilter::from(
+                    matches!(
+                        value.as_str(),
+                        "person" | "inetorgperson" | "posixaccount" | "mailaccount"
+                    ) || schema
+                        .get_schema()
+                        .extra_user_object_classes
+                        .contains(&LdapObjectClass::from(value)),
+                )),
                UserFieldType::MemberOf => Ok(UserRequestFilter::MemberOf(
                    get_group_id_from_distinguished_name(
                        &value,