mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 05:04:07 -08:00
feat: Explicitly request LDAP attributes during sync
This commit is contained in:
parent
31da47e046
commit
4facc4007e
15
app/Console/Commands/LdapSync.php
Executable file → Normal file
15
app/Console/Commands/LdapSync.php
Executable file → Normal file
|
@ -111,14 +111,21 @@ class LdapSync extends Command
|
|||
}
|
||||
|
||||
/**
|
||||
* If a filter has been specified, use that
|
||||
* If a filter has been specified, use that, otherwise default to null
|
||||
*/
|
||||
if ($this->option('filter') != '') {
|
||||
$results = Ldap::findLdapUsers($search_base, -1, $this->option('filter'));
|
||||
$filter = $this->option('filter');
|
||||
} else {
|
||||
$results = Ldap::findLdapUsers($search_base);
|
||||
$filter = null;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* We only need to request the LDAP attributes that we process
|
||||
*/
|
||||
$attributes = array_values(array_filter($ldap_map));
|
||||
|
||||
$results = Ldap::findLdapUsers($search_base, -1, $filter, $attributes);
|
||||
|
||||
} catch (\Exception $e) {
|
||||
if ($this->option('json_summary')) {
|
||||
$json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
|
||||
|
|
|
@ -283,9 +283,10 @@ class Ldap extends Model
|
|||
* @param $base_dn
|
||||
* @param $count
|
||||
* @param $filter
|
||||
* @param $attributes
|
||||
* @return array|bool
|
||||
*/
|
||||
public static function findLdapUsers($base_dn = null, $count = -1, $filter = null)
|
||||
public static function findLdapUsers($base_dn = null, $count = -1, $filter = null, $attributes = [])
|
||||
{
|
||||
$ldapconn = self::connectToLdap();
|
||||
self::bindAdminToLdap($ldapconn);
|
||||
|
@ -319,7 +320,7 @@ class Ldap extends Model
|
|||
//if($count == -1) { //count is -1 means we have to employ paging to query the entire directory
|
||||
$ldap_controls = [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'iscritical' => false, 'value' => ['size'=> $count == -1||$count>$page_size ? $page_size : $count, 'cookie' => $cookie]]];
|
||||
//}
|
||||
$search_results = ldap_search($ldapconn, $base_dn, $filter, [], 0, /* $page_size */ -1, -1, LDAP_DEREF_NEVER, $ldap_controls); // TODO - I hate the @, and I hate that we get a full page even if we ask for 10 records. Can we use an ldap_control?
|
||||
$search_results = ldap_search($ldapconn, $base_dn, $filter, $attributes, 0, /* $page_size */ -1, -1, LDAP_DEREF_NEVER, $ldap_controls); // TODO - I hate the @, and I hate that we get a full page even if we ask for 10 records. Can we use an ldap_control?
|
||||
Log::debug("LDAP search executed successfully.");
|
||||
if (! $search_results) {
|
||||
return redirect()->route('users.index')->with('error', trans('admin/users/message.error.ldap_could_not_search').ldap_error($ldapconn)); // TODO this is never called in any routed context - only from the Artisan command. So this redirect will never work.
|
||||
|
@ -340,7 +341,7 @@ class Ldap extends Model
|
|||
$cookie = '';
|
||||
}
|
||||
// Empty cookie means last page
|
||||
|
||||
|
||||
// Get results from page
|
||||
$results = ldap_get_entries($ldapconn, $search_results);
|
||||
if (! $results) {
|
||||
|
|
Loading…
Reference in a new issue