From 700e1e4d1486f659af9f0517bae7294006db46a7 Mon Sep 17 00:00:00 2001
From: Pavel Vyskocil <Pavel.Vyskocil@cesnet.cz>
Date: Wed, 14 May 2025 13:19:27 +0200
Subject: [PATCH] feat: allow to select attr for user_identifiers in ldap

Allow selecting the LDAP attribute used to search for users by their identifiers
---
 lib/AdapterLdap.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/AdapterLdap.php b/lib/AdapterLdap.php
index 933f91b..eadd6d4 100644
--- a/lib/AdapterLdap.php
+++ b/lib/AdapterLdap.php
@@ -38,6 +38,10 @@ class AdapterLdap extends Adapter
 
     public const PERUN_FACILITY_ID = 'perunFacilityId';
 
+    public const LDAP_USER_IDENTIFIERS_ATTR = 'userIdentifiersAttr';
+
+    public const LDAP_USER_IDENTIFIERS_DEFAULT_ATTR = 'eduPersonPrincipalNames';
+
     public const CN = 'cn';
 
     public const DESCRIPTION = 'description';
@@ -64,6 +68,8 @@ class AdapterLdap extends Adapter
 
     private $fallbackAdapter;
 
+    private $ldapUserIdentitiesAttr;
+
     public function __construct($configFileName = null)
     {
         if ($configFileName === null) {
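Review bot: The new property is named `ldapUserIdentitiesAttr`, while the constants and config key added in the same commit say "identifiers" (`LDAP_USER_IDENTIFIERS_ATTR`, `userIdentifiersAttr`). Renaming it to `$ldapUserIdentifiersAttr`, here and at its two uses in the constructor and in getPerunUser, keeps the three names in step and makes the option easier to grep for. A one-line docblock such as `/** @var string LDAP attribute matched against the user's identifiers in getPerunUser() */` would also help, since the property carries no type. The class body continues outside this hunk.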
@@ -80,6 +86,11 @@ class AdapterLdap extends Adapter
 
         $this->connector = new LdapConnector($ldapHostname, $ldapUser, $ldapPassword, $ldapEnableTLS);
         $this->fallbackAdapter = new AdapterRpc();
+
+        $this->ldapUserIdentitiesAttr = $conf->getString(
+            self::LDAP_USER_IDENTIFIERS_ATTR,
+            self::LDAP_USER_IDENTIFIERS_DEFAULT_ATTR
+        );
     }
 
     public function getPerunUser($idpEntityId, $uids)
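Review bot: The value read into `$this->ldapUserIdentitiesAttr` is later placed on the left-hand side of a search filter in getPerunUser, and nothing in the added lines checks that it is a plain attribute name. A typo or stray character in the config would silently produce a different or malformed filter. A guard such as `if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $this->ldapUserIdentitiesAttr)) { throw new \InvalidArgumentException('Invalid userIdentifiersAttr'); }` would fail fast at load time instead. The constructor starts before this hunk, so whether the other options are validated the same way cannot be seen here.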
@@ -87,7 +98,7 @@ class AdapterLdap extends Adapter
         // Build a LDAP query, we are searching for the user who has at least one of the uid
         $query = '';
         foreach ($uids as $uid) {
-            $query .= '(eduPersonPrincipalNames=' . $uid . ')';
+            $query .= '(' . $this->ldapUserIdentitiesAttr . '=' . $uid . ')';
         }
 
         if (empty($query)) {
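Review bot: `$uid` is still concatenated into the LDAP filter unescaped on the rewritten line, so an identifier containing filter metacharacters (`*`, `(`, `)`, `\`) alters the filter instead of being matched literally. The `$uids` values presumably come from IdP-asserted attributes, so they should be escaped with ext-ldap's filter escaping: `$query .= '(' . $this->ldapUserIdentitiesAttr . '=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')';`. The removed line had the same gap, but this commit rewrites the expression and is the natural place to close it. getPerunUser's body continues outside the hunk, so how `$query` is wrapped and passed to the connector is not visible here.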
-- 
GitLab