feat: allow to select attr for user_identifiers in ldap

Allow to select LDAP attribute for searching users by his identifiers

feat: allow to select attr for user_identifiers in ldap
700e1e4d · Pavel Vyskočil · 528dae37 · 700e1e4d
Verified Commit 700e1e4d authored 2 months ago by Pavel Vyskočil
--- a/lib/AdapterLdap.php
+++ b/lib/AdapterLdap.php
@@ -38,6 +38,10 @@ class AdapterLdap extends Adapter
    public const PERUN_FACILITY_ID = 'perunFacilityId';
+    public const LDAP_USER_IDENTIFIERS_ATTR = 'userIdentifiersAttr';
+    public const LDAP_USER_IDENTIFIERS_DEFAULT_ATTR = 'eduPersonPrincipalNames';
    public const CN = 'cn';
    public const DESCRIPTION = 'description';
@@ -64,6 +68,8 @@ class AdapterLdap extends Adapter
    private $fallbackAdapter;
+    private $ldapUserIdentitiesAttr;
    public function __construct($configFileName = null)
    {
        if ($configFileName === null) {
@@ -80,6 +86,11 @@ class AdapterLdap extends Adapter
        $this->connector = new LdapConnector($ldapHostname, $ldapUser, $ldapPassword, $ldapEnableTLS);
        $this->fallbackAdapter = new AdapterRpc();
+        $this->ldapUserIdentitiesAttr = $conf->getString(
+            self::LDAP_USER_IDENTIFIERS_ATTR,
+            self::LDAP_USER_IDENTIFIERS_DEFAULT_ATTR
+        );
    }
    public function getPerunUser($idpEntityId, $uids)
@@ -87,7 +98,7 @@ class AdapterLdap extends Adapter
        // Build a LDAP query, we are searching for the user who has at least one of the uid
        $query = '';
        foreach ($uids as $uid) {
-            $query .= '(eduPersonPrincipalNames=' . $uid . ')';
+            $query .= '(' . $this->ldapUserIdentitiesAttr . '=' . $uid . ')';
        }
        if (empty($query)) {