From ad8a2387f03be3f6283170c836b125b50952ac2e Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 11 Oct 2022 12:38:37 -0700 Subject: [PATCH 1/4] Updated help text to be more clear Signed-off-by: snipe --- resources/lang/en/admin/settings/general.php | 2 +- resources/views/settings/ldap.blade.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php index 18f06b26ab..446236b179 100644 --- a/resources/lang/en/admin/settings/general.php +++ b/resources/lang/en/admin/settings/general.php @@ -109,7 +109,7 @@ return [ 'ldap_auth_filter_query' => 'LDAP Authentication query', 'ldap_version' => 'LDAP Version', 'ldap_active_flag' => 'LDAP Active Flag', - 'ldap_activated_flag_help' => 'This flag is used to determine whether a user can login to Snipe-IT and does not affect the ability to check items in or out to them.', + 'ldap_activated_flag_help' => 'This flag is used to determine whether a user can login to Snipe-IT and does not affect the ability to check items in or out to them.

If this field is set to a field name that does not exist in your AD/LDAP, or the value in the AD/LDAP field is set to 0 or false, user login will be disabled. If the value in the AD/LDAP field is set to 1 or true or any other text means the user can log in. When the field is blank in AD, we respect the userAccountControl attribute, which allows non-suspended users to log in.', 'ldap_emp_num' => 'LDAP Employee Number', 'ldap_email' => 'LDAP Email', 'ldap_test' => 'Test LDAP', diff --git a/resources/views/settings/ldap.blade.php b/resources/views/settings/ldap.blade.php index fc728ac405..5fba8fcd3b 100644 --- a/resources/views/settings/ldap.blade.php +++ b/resources/views/settings/ldap.blade.php @@ -348,7 +348,7 @@
{{ Form::text('ldap_active_flag', Request::old('ldap_active_flag', $setting->ldap_active_flag), ['class' => 'form-control', $setting->demoMode]) }} -

{{ trans('admin/settings/general.ldap_activated_flag_help') }}

+

{!! trans('admin/settings/general.ldap_activated_flag_help') !!}

{!! $errors->first('ldap_active_flag', '') !!} @if (config('app.lock_passwords')===true) From ae0eb378e4f3700bee25b711f4b0d7e6ae0dd372 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 11 Oct 2022 12:43:54 -0700 Subject: [PATCH 2/4] Additional clarification Signed-off-by: snipe --- resources/lang/en/admin/settings/general.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php index 446236b179..4b3ce6d93c 100644 --- a/resources/lang/en/admin/settings/general.php +++ b/resources/lang/en/admin/settings/general.php @@ -109,7 +109,7 @@ return [ 'ldap_auth_filter_query' => 'LDAP Authentication query', 'ldap_version' => 'LDAP Version', 'ldap_active_flag' => 'LDAP Active Flag', - 'ldap_activated_flag_help' => 'This flag is used to determine whether a user can login to Snipe-IT and does not affect the ability to check items in or out to them.

If this field is set to a field name that does not exist in your AD/LDAP, or the value in the AD/LDAP field is set to 0 or false, user login will be disabled. If the value in the AD/LDAP field is set to 1 or true or any other text means the user can log in. When the field is blank in AD, we respect the userAccountControl attribute, which allows non-suspended users to log in.', + 'ldap_activated_flag_help' => 'This flag is used to determine whether a user can login to Snipe-IT and does not affect the ability to check items in or out to them.

If this field is set to a field name that does not exist in your AD/LDAP, or the value in the AD/LDAP field is set to 0 or false, user login will be disabled. If the value in the AD/LDAP field is set to 1 or true or any other text means the user can log in. When the field is blank in AD, we respect the userAccountControl attribute, which usually allows non-suspended users to log in.', 'ldap_emp_num' => 'LDAP Employee Number', 'ldap_email' => 'LDAP Email', 'ldap_test' => 'Test LDAP', From 5ba01728d955c1b13520f1ffe6f26b6cea8319dd Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 11 Oct 2022 12:51:25 -0700 Subject: [PATCH 3/4] More text tweaking Signed-off-by: snipe --- resources/lang/en/admin/settings/general.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php index 4b3ce6d93c..f5542d505b 100644 --- a/resources/lang/en/admin/settings/general.php +++ b/resources/lang/en/admin/settings/general.php @@ -109,7 +109,7 @@ return [ 'ldap_auth_filter_query' => 'LDAP Authentication query', 'ldap_version' => 'LDAP Version', 'ldap_active_flag' => 'LDAP Active Flag', - 'ldap_activated_flag_help' => 'This flag is used to determine whether a user can login to Snipe-IT and does not affect the ability to check items in or out to them.

If this field is set to a field name that does not exist in your AD/LDAP, or the value in the AD/LDAP field is set to 0 or false, user login will be disabled. If the value in the AD/LDAP field is set to 1 or true or any other text means the user can log in. When the field is blank in AD, we respect the userAccountControl attribute, which usually allows non-suspended users to log in.', + 'ldap_activated_flag_help' => 'This value is used to determine whether a synced user can login to Snipe-IT. It does not affect the ability to check items in or out to them, and should be the attribute name within your AD/LDAP, not the value.

If this field is set to a field name that does not exist in your AD/LDAP, or the value in the AD/LDAP field is set to 0 or false, user login will be disabled. If the value in the AD/LDAP field is set to 1 or true or any other text means the user can log in. When the field is blank in your AD, we respect the userAccountControl attribute, which usually allows non-suspended users to log in.', 'ldap_emp_num' => 'LDAP Employee Number', 'ldap_email' => 'LDAP Email', 'ldap_test' => 'Test LDAP', From 0312ecf09dedbea19a7192ef153e3e0d8ea579a6 Mon Sep 17 00:00:00 2001 From: snipe Date: Wed, 12 Oct 2022 10:30:47 -0700 Subject: [PATCH 4/4] Sets nullable attribute on validation Signed-off-by: snipe --- app/Http/Controllers/SettingsController.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php index 14d0904226..111eb1baed 100755 --- a/app/Http/Controllers/SettingsController.php +++ b/app/Http/Controllers/SettingsController.php @@ -923,8 +923,8 @@ class SettingsController extends Controller $validator = Validator::make($setting->toArray(), [ 'ldap_username_field' => 'not_in:sAMAccountName', - 'ldap_auth_filter_query' => 'not_in:uid=samaccountname', - 'ldap_filter' => 'regex:"^[^(]"', + 'ldap_auth_filter_query' => 'not_in:uid=samaccountname|required_if:ldap_enabled,1', + 'ldap_filter' => 'nullable|regex:"^[^(]"|required_if:ldap_enabled,1', ], $messages);