Commit 0167f527 authored by Côme Chilliet's avatar Côme Chilliet

Merge branch '5531-give-acl-based-on-an-ldap-filter' into '1.4-dev'

Resolve "Give ACL based on an LDAP filter"

See merge request fusiondirectory/fd!686
parents ea2e289b 6d5c023b
......@@ -406,6 +406,13 @@ attributetype ( 1.3.6.1.4.1.38414.8.18.11 NAME 'fdManagementUserConfig'
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( 1.3.6.1.4.1.38414.8.18.12 NAME 'fdAclTargetFilterLimit'
DESC 'Fusion Directory - Size limit for LDAP filter on ACL targets'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
# Plugins
attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN'
......
......@@ -137,7 +137,7 @@ class userinfo
$this->reset_acl_cache();
$ldap = $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
$targetFilterLimit = 100;
$targetFilterLimit = $config->get_cfg_value('AclTargetFilterLimit', 100);
/* Get member groups... */
$ldap->search('(&(objectClass=groupOfNames)(member='.ldap_escape_f($this->dn).'))', ['dn']);
......
......@@ -366,6 +366,11 @@ class configInLdap extends simplePlugin
),
// Needed here for ACLs
new HiddenAttribute('fdManagementConfig'),
new IntAttribute(
_('ACL target filter limit'), _('Defines the maximum number of entries an ACL target filter is allowed to return'),
'fdAclTargetFilterLimit', FALSE,
0 /*min*/, FALSE /*no max*/, 100
),
]
],
];
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment