mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 21:24:13 -08:00
feat: Explicitly request LDAP attributes during sync
This commit is contained in:
parent
31da47e046
commit
4facc4007e
15
app/Console/Commands/LdapSync.php
Executable file → Normal file
15
app/Console/Commands/LdapSync.php
Executable file → Normal file
|
@ -111,14 +111,21 @@ class LdapSync extends Command
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If a filter has been specified, use that
|
* If a filter has been specified, use that, otherwise default to null
|
||||||
*/
|
*/
|
||||||
if ($this->option('filter') != '') {
|
if ($this->option('filter') != '') {
|
||||||
$results = Ldap::findLdapUsers($search_base, -1, $this->option('filter'));
|
$filter = $this->option('filter');
|
||||||
} else {
|
} else {
|
||||||
$results = Ldap::findLdapUsers($search_base);
|
$filter = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* We only need to request the LDAP attributes that we process
|
||||||
|
*/
|
||||||
|
$attributes = array_values(array_filter($ldap_map));
|
||||||
|
|
||||||
|
$results = Ldap::findLdapUsers($search_base, -1, $filter, $attributes);
|
||||||
|
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
if ($this->option('json_summary')) {
|
if ($this->option('json_summary')) {
|
||||||
$json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
|
$json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
|
||||||
|
|
|
@ -283,9 +283,10 @@ class Ldap extends Model
|
||||||
* @param $base_dn
|
* @param $base_dn
|
||||||
* @param $count
|
* @param $count
|
||||||
* @param $filter
|
* @param $filter
|
||||||
|
* @param $attributes
|
||||||
* @return array|bool
|
* @return array|bool
|
||||||
*/
|
*/
|
||||||
public static function findLdapUsers($base_dn = null, $count = -1, $filter = null)
|
public static function findLdapUsers($base_dn = null, $count = -1, $filter = null, $attributes = [])
|
||||||
{
|
{
|
||||||
$ldapconn = self::connectToLdap();
|
$ldapconn = self::connectToLdap();
|
||||||
self::bindAdminToLdap($ldapconn);
|
self::bindAdminToLdap($ldapconn);
|
||||||
|
@ -319,7 +320,7 @@ class Ldap extends Model
|
||||||
//if($count == -1) { //count is -1 means we have to employ paging to query the entire directory
|
//if($count == -1) { //count is -1 means we have to employ paging to query the entire directory
|
||||||
$ldap_controls = [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'iscritical' => false, 'value' => ['size'=> $count == -1||$count>$page_size ? $page_size : $count, 'cookie' => $cookie]]];
|
$ldap_controls = [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'iscritical' => false, 'value' => ['size'=> $count == -1||$count>$page_size ? $page_size : $count, 'cookie' => $cookie]]];
|
||||||
//}
|
//}
|
||||||
$search_results = ldap_search($ldapconn, $base_dn, $filter, [], 0, /* $page_size */ -1, -1, LDAP_DEREF_NEVER, $ldap_controls); // TODO - I hate the @, and I hate that we get a full page even if we ask for 10 records. Can we use an ldap_control?
|
$search_results = ldap_search($ldapconn, $base_dn, $filter, $attributes, 0, /* $page_size */ -1, -1, LDAP_DEREF_NEVER, $ldap_controls); // TODO - I hate the @, and I hate that we get a full page even if we ask for 10 records. Can we use an ldap_control?
|
||||||
Log::debug("LDAP search executed successfully.");
|
Log::debug("LDAP search executed successfully.");
|
||||||
if (! $search_results) {
|
if (! $search_results) {
|
||||||
return redirect()->route('users.index')->with('error', trans('admin/users/message.error.ldap_could_not_search').ldap_error($ldapconn)); // TODO this is never called in any routed context - only from the Artisan command. So this redirect will never work.
|
return redirect()->route('users.index')->with('error', trans('admin/users/message.error.ldap_could_not_search').ldap_error($ldapconn)); // TODO this is never called in any routed context - only from the Artisan command. So this redirect will never work.
|
||||||
|
@ -340,7 +341,7 @@ class Ldap extends Model
|
||||||
$cookie = '';
|
$cookie = '';
|
||||||
}
|
}
|
||||||
// Empty cookie means last page
|
// Empty cookie means last page
|
||||||
|
|
||||||
// Get results from page
|
// Get results from page
|
||||||
$results = ldap_get_entries($ldapconn, $search_results);
|
$results = ldap_get_entries($ldapconn, $search_results);
|
||||||
if (! $results) {
|
if (! $results) {
|
||||||
|
|
Loading…
Reference in a new issue