From 25d0c05d56e22e8041eefcc59ad9fe01b3e1d145 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Tue, 28 Feb 2012 14:11:51 +0100
Subject: [PATCH] make LDAP filter for user list configurable

---
 apps/user_ldap/templates/settings.php |  3 ++-
 apps/user_ldap/user_ldap.php          | 15 ++++++++-------
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 5bbd5d4008d..99af275525d 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -7,7 +7,8 @@
 		<label for="ldap_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_password" name="ldap_password" value="<?php echo $_['ldap_password']; ?>" />
 		<small><?php echo $l->t('Leave both empty for anonymous bind for search, then bind with users credentials.');?></small></p>
 		<p><label for="ldap_base"><?php echo $l->t('Base');?></label><input type="text" id="ldap_base" name="ldap_base" value="<?php echo $_['ldap_base']; ?>" />
-		<label for="ldap_filter"><?php echo $l->t('Filter (use %%uid placeholder)');?></label><input type="text" id="ldap_filter" name="ldap_filter" value="<?php echo $_['ldap_filter']; ?>" /></p>
+		<label for="ldap_login_filter"><?php echo $l->t('Filter (use %%uid placeholder)');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" value="<?php echo $_['ldap_login_filter']; ?>" />
+		<label for="ldap_userlist_filter"><?php echo $l->t('Filter to retrieve user list (without any placeholder)');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" value="<?php echo $_['ldap_userlist_filter']; ?>" /><small><?php echo $l->t('For example "objectClass=person".');?>	</p>
 		<p><label for="ldap_display_name"><?php echo $l->t('Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" />
 		<small><?php echo $l->t('Currently the display name field needs to be the same you matched %%uid against in the filter above, because ownCloud doesn\'t distinguish between user id and user name.');?></small></p>
 		<p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 670d938ea95..fb42cc81337 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -32,7 +32,8 @@ class OC_USER_LDAP extends OC_User_Backend {
 	protected $ldap_dn;
 	protected $ldap_password;
 	protected $ldap_base;
-	protected $ldap_filter;
+	protected $ldap_login_filter;
+	protected $ldap_userlist_filter;
 	protected $ldap_tls;
 	protected $ldap_nocase;
 	protected $ldap_display_name;
@@ -49,7 +50,8 @@ class OC_USER_LDAP extends OC_User_Backend {
 		$this->ldap_dn = OC_Appconfig::getValue('user_ldap', 'ldap_dn','');
 		$this->ldap_password = OC_Appconfig::getValue('user_ldap', 'ldap_password','');
 		$this->ldap_base = OC_Appconfig::getValue('user_ldap', 'ldap_base','');
-		$this->ldap_filter = OC_Appconfig::getValue('user_ldap', 'ldap_filter','');
+		$this->ldap_login_filter = OC_Appconfig::getValue('user_ldap', 'ldap_login_filter','');
+		$this->ldap_userlist_filter = OC_Appconfig::getValue('user_ldap', 'ldap_userlist_filter','objectClass=person');
 		$this->ldap_tls = OC_Appconfig::getValue('user_ldap', 'ldap_tls', 0);
 		$this->ldap_nocase = OC_Appconfig::getValue('user_ldap', 'ldap_nocase', 0);
 		$this->ldap_display_name = OC_Appconfig::getValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME);
@@ -61,7 +63,7 @@ class OC_USER_LDAP extends OC_User_Backend {
 			&& !empty($this->ldap_port)
 			&& ((!empty($this->ldap_dn) && !empty($this->ldap_password)) || (empty($this->ldap_dn) && empty($this->ldap_password)))
 			&& !empty($this->ldap_base)
-			&& !empty($this->ldap_filter)
+			&& !empty($this->ldap_login_filter)
 			&& !empty($this->ldap_display_name)
 		)
 		{
@@ -127,7 +129,7 @@ class OC_USER_LDAP extends OC_User_Backend {
 			return false;
 
 		// get dn
-		$filter = str_replace('%uid', $uid, $this->ldap_filter);
+		$filter = str_replace('%uid', $uid, $this->ldap_login_filter);
 		$sr = ldap_search( $this->getDs(), $this->ldap_base, $filter );
 		$entries = ldap_get_entries( $this->getDs(), $sr );
 
@@ -161,7 +163,7 @@ class OC_USER_LDAP extends OC_User_Backend {
 		}
 
 		if($this->ldap_nocase) {
-			$filter = str_replace('%uid', $uid, $this->ldap_filter);
+			$filter = str_replace('%uid', $uid, $this->ldap_login_filter);
 			$sr = ldap_search( $this->getDs(), $this->ldap_base, $filter );
 			$entries = ldap_get_entries( $this->getDs(), $sr );
 			if( $entries['count'] == 1 ) {
@@ -202,8 +204,7 @@ class OC_USER_LDAP extends OC_User_Backend {
 			return false;
 
 		// get users
-		$filter = 'objectClass=person';
-		$sr = ldap_search( $this->getDs(), $this->ldap_base, $filter );
+		$sr = ldap_search( $this->getDs(), $this->ldap_base, $this->ldap_userlist_filter );
 		$entries = ldap_get_entries( $this->getDs(), $sr );
 		if( $entries['count'] == 0 )
 			return false;