server: Add support for SubString ldap filter

2023-02-13 15:41:07 +01:00
parent 21e51c3d38
commit 81036943c2
7 changed files with 219 additions and 19 deletions
--- a/server/src/domain/ldap/group.rs
+++ b/server/src/domain/ldap/group.rs
@@ -178,6 +178,21 @@ fn convert_group_filter(
                    || map_group_field(field).is_some(),
            ))
        }
+        LdapFilter::Substring(field, substring_filter) => {
+            let field = &field.to_ascii_lowercase();
+            match map_group_field(field.as_str()) {
+                Some(GroupColumn::DisplayName) => Ok(GroupRequestFilter::DisplayNameSubString(
+                    substring_filter.clone().into(),
+                )),
+                _ => Err(LdapError {
+                    code: LdapResultCode::UnwillingToPerform,
+                    message: format!(
+                        "Unsupported group attribute for substring filter: {:?}",
+                        field
+                    ),
+                }),
+            }
+        }
        _ => Err(LdapError {
            code: LdapResultCode::UnwillingToPerform,
            message: format!("Unsupported group filter: {:?}", filter),
--- a/server/src/domain/ldap/user.rs
+++ b/server/src/domain/ldap/user.rs
@@ -185,6 +185,28 @@ fn convert_user_filter(ldap_info: &LdapInfo, filter: &LdapFilter) -> LdapResult<
                    || map_user_field(field).is_some(),
            ))
        }
+        LdapFilter::Substring(field, substring_filter) => {
+            let field = &field.to_ascii_lowercase();
+            match map_user_field(field.as_str()) {
+                Some(UserColumn::UserId) => Ok(UserRequestFilter::UserIdSubString(
+                    substring_filter.clone().into(),
+                )),
+                None
+                | Some(UserColumn::CreationDate)
+                | Some(UserColumn::Avatar)
+                | Some(UserColumn::Uuid) => Err(LdapError {
+                    code: LdapResultCode::UnwillingToPerform,
+                    message: format!(
+                        "Unsupported user attribute for substring filter: {:?}",
+                        field
+                    ),
+                }),
+                Some(field) => Ok(UserRequestFilter::SubString(
+                    field,
+                    substring_filter.clone().into(),
+                )),
+            }
+        }
        _ => Err(LdapError {
            code: LdapResultCode::UnwillingToPerform,
            message: format!("Unsupported user filter: {:?}", filter),
--- a/server/src/domain/ldap/utils.rs
+++ b/server/src/domain/ldap/utils.rs
@@ -1,12 +1,29 @@
 use itertools::Itertools;
-use ldap3_proto::LdapResultCode;
+use ldap3_proto::{proto::LdapSubstringFilter, LdapResultCode};
 use tracing::{debug, instrument, warn};

 use crate::domain::{
+    handler::SubStringFilter,
    ldap::error::{LdapError, LdapResult},
    types::{GroupColumn, UserColumn, UserId},
 };

+impl From<LdapSubstringFilter> for SubStringFilter {
+    fn from(
+        LdapSubstringFilter {
+            initial,
+            any,
+            final_,
+        }: LdapSubstringFilter,
+    ) -> Self {
+        Self {
+            initial,
+            any,
+            final_,
+        }
+    }
+}
+
 fn make_dn_pair<I>(mut iter: I) -> LdapResult<(String, String)>
 where
    I: Iterator<Item = String>,
@@ -141,8 +158,8 @@ pub fn map_user_field(field: &str) -> Option<UserColumn> {
        "uid" | "user_id" | "id" => UserColumn::UserId,
        "mail" | "email" => UserColumn::Email,
        "cn" | "displayname" | "display_name" => UserColumn::DisplayName,
-        "givenname" | "first_name" => UserColumn::FirstName,
-        "sn" | "last_name" => UserColumn::LastName,
+        "givenname" | "first_name" | "firstname" => UserColumn::FirstName,
+        "sn" | "last_name" | "lastname" => UserColumn::LastName,
        "avatar" | "jpegphoto" => UserColumn::Avatar,
        "creationdate" | "createtimestamp" | "modifytimestamp" | "creation_date" => {
            UserColumn::CreationDate