Active Directory: filter disabled users, allow nested group membership (#8222)

network-guy
2018-03-16 23:57:27 -05:00
committed by Tony Murray
parent 8136a1be33
commit 3619f28cc2
2 changed files with 2 additions and 2 deletions


@ -180,7 +180,7 @@ class ADAuthorizationAuthorizer extends MysqlAuthorizer
$ldap_groups = $this->getGroupList();
foreach ($ldap_groups as $ldap_group) {
$search_filter = "(memberOf=$ldap_group)";
$search_filter = "(&(memberOf:1.2.840.113556.1.4.1941:=$ldap_group)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
if (Config::get('auth_ad_user_filter')) {
$search_filter = "(&{" . Config::get('auth_ad_user_filter') . $search_filter . ")";
}
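Review bot: The wrapper applied right after the changed filter builds `"(&{" . Config::get('auth_ad_user_filter') . $search_filter . ")"`, and the `{` after `(&` is not valid LDAP filter syntax. With `auth_ad_user_filter` set, the search in ADAuthorizationAuthorizer will most likely be rejected or match nothing, so the new nested-group and disabled-account filter is never evaluated as intended on that path. The ActiveDirectoryAuthorizer hunk has the same line without the brace; this one should read `$search_filter = "(&" . Config::get('auth_ad_user_filter') . $search_filter . ")";`. The line is context rather than part of this change, and the enclosing function starts and ends outside the hunk.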


@ -241,7 +241,7 @@ class ActiveDirectoryAuthorizer extends AuthorizerBase
$ldap_groups = $this->getGroupList();
foreach ($ldap_groups as $ldap_group) {
$search_filter = "(memberOf=$ldap_group)";
$search_filter = "(&(memberOf:1.2.840.113556.1.4.1941:=$ldap_group)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
if (Config::get('auth_ad_user_filter')) {
$search_filter = "(&" . Config::get('auth_ad_user_filter') . $search_filter .")";
}
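Review bot: `$ldap_group` is interpolated into the new filter without escaping, here and on the matching line of the ADAuthorizationAuthorizer hunk, so a group DN containing `(`, `)`, `*` or `\` breaks the filter or changes what it matches. The values come from `getGroupList()`, whose source is not visible here; if they are DNs taken from configuration or the directory, escape them first with `$group = ldap_escape($ldap_group, '', LDAP_ESCAPE_FILTER);` and interpolate `$group`. The two OIDs also deserve a comment, for example `// 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN (nested groups); 1.2.840.113556.1.4.803 = bitwise AND, bit 2 = ACCOUNTDISABLE`. That comment should state that only disabled accounts are excluded, since locked-out or expired accounts are tracked in other attributes and still match. The enclosing function continues outside the hunk.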