feat: add custom ldap search filters (#216)

backend/internal/dto/app_config_dto.go

@@ -28,6 +28,8 @@ type AppConfigUpdateDto struct {
 	LdapBindDn                         string `json:"ldapBindDn"`
 	LdapBindPassword                   string `json:"ldapBindPassword"`
 	LdapBase                           string `json:"ldapBase"`
+	LdapUserSearchFilter               string `json:"ldapUserSearchFilter"`
+	LdapUserGroupSearchFilter          string `json:"ldapUserGroupSearchFilter"`
 	LdapSkipCertVerify                 string `json:"ldapSkipCertVerify"`
 	LdapAttributeUserUniqueIdentifier  string `json:"ldapAttributeUserUniqueIdentifier"`
 	LdapAttributeUserUsername          string `json:"ldapAttributeUserUsername"`

backend/internal/model/app_config.go

@@ -35,6 +35,8 @@ type AppConfig struct {
 	LdapBindDn                         AppConfigVariable
 	LdapBindPassword                   AppConfigVariable
 	LdapBase                           AppConfigVariable
+	LdapUserSearchFilter               AppConfigVariable
+	LdapUserGroupSearchFilter          AppConfigVariable
 	LdapSkipCertVerify                 AppConfigVariable
 	LdapAttributeUserUniqueIdentifier  AppConfigVariable
 	LdapAttributeUserUsername          AppConfigVariable

backend/internal/service/app_config_service.go

@@ -138,6 +138,16 @@ var defaultDbConfig = model.AppConfig{
 		Key:  "ldapBase",
 		Type: "string",
 	},
+	LdapUserSearchFilter: model.AppConfigVariable{
+		Key:          "ldapUserSearchFilter",
+		Type:         "string",
+		DefaultValue: "(objectClass=person)",
+	},
+	LdapUserGroupSearchFilter: model.AppConfigVariable{
+		Key:          "ldapUserGroupSearchFilter",
+		Type:         "string",
+		DefaultValue: "(objectClass=groupOfNames)",
+	},
 	LdapSkipCertVerify: model.AppConfigVariable{
 		Key:          "ldapSkipCertVerify",
 		Type:         "bool",

backend/internal/service/ldap_service.go

@@ -70,7 +70,7 @@ func (s *LdapService) SyncGroups() error {
 	baseDN := s.appConfigService.DbConfig.LdapBase.Value
 	nameAttribute := s.appConfigService.DbConfig.LdapAttributeGroupName.Value
 	uniqueIdentifierAttribute := s.appConfigService.DbConfig.LdapAttributeGroupUniqueIdentifier.Value
-	filter := "(objectClass=groupOfUniqueNames)"
+	filter := s.appConfigService.DbConfig.LdapUserGroupSearchFilter.Value
 
 	searchAttrs := []string{
 		nameAttribute,
@@ -176,8 +176,7 @@ func (s *LdapService) SyncUsers() error {
 	firstNameAttribute := s.appConfigService.DbConfig.LdapAttributeUserFirstName.Value
 	lastNameAttribute := s.appConfigService.DbConfig.LdapAttributeUserLastName.Value
 	adminGroupAttribute := s.appConfigService.DbConfig.LdapAttributeAdminGroup.Value
-
-	filter := "(objectClass=person)"
+	filter := s.appConfigService.DbConfig.LdapUserSearchFilter.Value
 
 	searchAttrs := []string{
 		"memberOf",

frontend/src/lib/types/application-configuration.ts

@@ -23,6 +23,8 @@ export type AllAppConfig = AppConfig & {
 	ldapBindDn: string;
 	ldapBindPassword: string;
 	ldapBase: string;
+	ldapUserSearchFilter: string;
+	ldapUserGroupSearchFilter: string;
 	ldapSkipCertVerify: boolean;
 	ldapAttributeUserUniqueIdentifier: string;
 	ldapAttributeUserUsername: string;

frontend/src/routes/settings/admin/application-configuration/forms/app-config-ldap-form.svelte

@@ -28,6 +28,8 @@
 		ldapBindDn: appConfig.ldapBindDn,
 		ldapBindPassword: appConfig.ldapBindPassword,
 		ldapBase: appConfig.ldapBase,
+		ldapUserSearchFilter: appConfig.ldapUserSearchFilter,
+		ldapUserGroupSearchFilter: appConfig.ldapUserGroupSearchFilter,
 		ldapSkipCertVerify: appConfig.ldapSkipCertVerify,
 		ldapAttributeUserUniqueIdentifier: appConfig.ldapAttributeUserUniqueIdentifier,
 		ldapAttributeUserUsername: appConfig.ldapAttributeUserUsername,
@@ -44,6 +46,8 @@
 		ldapBindDn: z.string().min(1),
 		ldapBindPassword: z.string().min(1),
 		ldapBase: z.string().min(1),
+		ldapUserSearchFilter: z.string().min(1),
+		ldapUserGroupSearchFilter: z.string().min(1),
 		ldapSkipCertVerify: z.boolean(),
 		ldapAttributeUserUniqueIdentifier: z.string().min(1),
 		ldapAttributeUserUsername: z.string().min(1),
@@ -102,6 +106,18 @@
 		/>
 		<FormInput label="LDAP Bind Password" type="password" bind:input={$inputs.ldapBindPassword} />
 		<FormInput label="LDAP Base DN" placeholder="dc=example,dc=com" bind:input={$inputs.ldapBase} />
+		<FormInput
+			label="User Search Filter"
+			description="The Search filter to use to search/sync users."
+			placeholder="(objectClass=person)"
+			bind:input={$inputs.ldapUserSearchFilter}
+		/>
+		<FormInput
+			label="Groups Search Filter"
+			description="The Search filter to use to search/sync groups."
+			placeholder="(objectClass=groupOfNames)"
+			bind:input={$inputs.ldapUserGroupSearchFilter}
+		/>
 		<CheckboxWithLabel
 			id="skip-cert-verify"
 			label="Skip Certificate Verification"

frontend/tests/application-configuration.spec.ts

@@ -58,6 +58,8 @@ test('Update LDAP configuration', async ({ page }) => {
 	await page.getByLabel('LDAP Bind DN').fill('cn=admin,dc=example,dc=com');
 	await page.getByLabel('LDAP Bind Password').fill('password');
 	await page.getByLabel('LDAP Base DN').fill('dc=example,dc=com');
+	await page.getByLabel('User Search Filter').fill('(objectClass=person)');
+	await page.getByLabel('Groups Search Filter').fill('(objectClass=groupOfUniqueNames)');
 	await page.getByLabel('User Unique Identifier Attribute').fill('uuid');
 	await page.getByLabel('Username Attribute').fill('uid');
 	await page.getByLabel('User Mail Attribute').fill('mail');
@@ -78,6 +80,8 @@ test('Update LDAP configuration', async ({ page }) => {
 	await expect(page.getByLabel('LDAP Bind DN')).toHaveValue('cn=admin,dc=example,dc=com');
 	await expect(page.getByLabel('LDAP Bind Password')).toHaveValue('password');
 	await expect(page.getByLabel('LDAP Base DN')).toHaveValue('dc=example,dc=com');
+	await page.getByLabel('User Search Filter').fill('(objectClass=person)');
+	await page.getByLabel('Groups Search Filter').fill('(objectClass=groupOfUniqueNames)');
 	await expect(page.getByLabel('User Unique Identifier Attribute')).toHaveValue('uuid');
 	await expect(page.getByLabel('Username Attribute')).toHaveValue('uid');
 	await expect(page.getByLabel('User Mail Attribute')).toHaveValue('mail');