diff --git a/contrib/openldap/core-fd-conf.schema b/contrib/openldap/core-fd-conf.schema
index 399caefade9c62fe329d3591ef858f4c798d1d93..e9cf5c270e7e57e3932e90c708523c5b3f10667b 100644
--- a/contrib/openldap/core-fd-conf.schema
+++ b/contrib/openldap/core-fd-conf.schema
@@ -406,6 +406,13 @@ attributetype ( 1.3.6.1.4.1.38414.8.18.11 NAME 'fdManagementUserConfig'
 SUBSTR caseIgnoreSubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+attributetype ( 1.3.6.1.4.1.38414.8.18.12 NAME 'fdAclTargetFilterLimit'
+ DESC 'Fusion Directory - Size limit for LDAP filter on ACL targets'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
 # Plugins
 attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN'
diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc
index 968185b6d498a7e3d7acea811217caf6086ef5a9..5ecbfec2dec088ba314cfc14313862941443d965 100644
--- a/include/class_userinfo.inc
+++ b/include/class_userinfo.inc
@@ -137,7 +137,7 @@ class userinfo
 $this->reset_acl_cache();
 $ldap = $config->get_ldap_link();
 $ldap->cd($config->current['BASE']);
- $targetFilterLimit = 100;
+ $targetFilterLimit = $config->get_cfg_value('AclTargetFilterLimit', 100);
 /* Get member groups... */
 $ldap->search('(&(objectClass=groupOfNames)(member='.ldap_escape_f($this->dn).'))', ['dn']);
diff --git a/plugins/config/class_configInLdap.inc b/plugins/config/class_configInLdap.inc
index 8b6eccade44ce0af282581b1912b677588cd45db..93e8055c3b80dc69cb8849576f8b3c6b70de48a0 100644
--- a/plugins/config/class_configInLdap.inc
+++ b/plugins/config/class_configInLdap.inc
@@ -366,6 +366,11 @@ class configInLdap extends simplePlugin
 ),
 // Needed here for ACLs
 new HiddenAttribute('fdManagementConfig'),
+ new IntAttribute(
+ _('ACL target filter limit'), _('Defines the maximum number of entries an ACL target filter is allowed to return'),
+ 'fdAclTargetFilterLimit', FALSE,
+ 0 /*min*/, FALSE /*no max*/, 100
+ ),
 ]
 ],
 ];
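Review bot: The new attributetype `fdAclTargetFilterLimit` is declared in core-fd-conf.schema, but no hunk visible here adds it to the MAY clause of the configuration object class. Unless that is done elsewhere, the directory server will reject the write when the setting is saved from the configuration plugin. If the object class that already carries `fdManagementUserConfig` is the right one, append `$ fdAclTargetFilterLimit` to its MAY list in this same file. The DESC also says "Size limit for LDAP filter" while the plugin text speaks of the number of entries returned; `DESC 'Fusion Directory - Maximum number of entries an ACL target filter may return'` would keep the two consistent.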
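Review bot: The value read by `get_cfg_value('AclTargetFilterLimit', 100)` in include/class_userinfo.inc becomes the ACL target filter limit with no type or range check, and the `IntAttribute` added in plugins/config/class_configInLdap.inc accepts 0 with no maximum. How `$targetFilterLimit` is consumed lies outside this hunk, so it is unclear whether 0 would switch ACL target filters off or, if it is handed to the search as a size limit, remove the cap altogether; either outcome changes which ACLs a user receives when they are loaded. Consider `$targetFilterLimit = (int)$config->get_cfg_value('AclTargetFilterLimit', 100);`, and either raise the attribute minimum to `1 /*min*/` or state the meaning of 0 in the attribute description. A short comment above the assignment, such as `/* Maximum number of entries an ACL target filter may match (fdAclTargetFilterLimit, default 100) */`, would record why the bound exists.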