diff --git a/htdocs/admin/ldap_groups.php b/htdocs/admin/ldap_groups.php
index 0cd05a53a74..4b7acd2598c 100644
--- a/htdocs/admin/ldap_groups.php
+++ b/htdocs/admin/ldap_groups.php
@@ -57,7 +57,9 @@ if ($action == 'setvalue' && $user->admin) {
if (!dolibarr_set_const($db, 'LDAP_GROUP_OBJECT_CLASS', GETPOST("objectclass", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
$error++;
}
-
+ if (!dolibarr_set_const($db, 'LDAP_GROUP_FILTER', GETPOST("filter"), 'chaine', 0, '', $conf->entity)) {
+ $error++;
+ }
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_FULLNAME', GETPOST("fieldfullname", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
$error++;
}
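Review bot: The added `LDAP_GROUP_FILTER` write calls `GETPOST("filter")` with no check type, while the neighbouring calls in this block pass one explicitly (`'alphanohtml'`). What gets stored therefore depends on GETPOST's default, and this value is later concatenated into the LDAP search filter in `Ldap::getRecords` and presumably echoed back in the form row added further down. I would pass an explicit check type, e.g. `GETPOST("filter", 'alphanohtml')`, after confirming it keeps the characters a filter needs (`&`, `|`, `(`, `)`, `=`, `*`). The enclosing `if ($action == 'setvalue' && $user->admin)` block starts outside this hunk.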
@@ -141,6 +143,13 @@ print '
'.$langs->trans("LDAPGroupObjectClassListExample").' | ';
print ' | ';
print '';
+// Filter, used to filter search
+print '| '.$langs->trans("LDAPFilterConnection").' | ';
+print '';
+print ' | '.$langs->trans("LDAPGroupFilterExample").' | ';
+print ' | ';
+print '
';
+
print '';
print '
';
print '';
@@ -212,10 +221,17 @@ if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
$objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS;
show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass);
+} elseif ($conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') {
+ $butlabel = $langs->trans("LDAPTestSearch");
+ $testlabel = 'testsearchgroup';
+ $key = $conf->global->LDAP_KEY_GROUPS;
+ $dn = $conf->global->LDAP_GROUP_DN;
+ $objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS;
+ show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass);
}
if (function_exists("ldap_connect")) {
- if ($_GET["action"] == 'testgroup') {
+ if ($action == 'testgroup') {
// Creation objet
$object = new UserGroup($db);
$object->initAsSpecimen();
@@ -260,6 +276,66 @@ if (function_exists("ldap_connect")) {
print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'
';
}
}
+
+ if ($action == 'testsearchgroup') {
+ // Creation objet
+ $object = new UserGroup($db);
+ $object->initAsSpecimen();
+
+ // TODO Mutualize code following with other ldap_xxxx.php pages
+
+ // Test synchro
+ $ldap = new Ldap();
+ $result = $ldap->connect_bind();
+
+ if ($result > 0) {
+ $required_fields = array(
+ $conf->global->LDAP_KEY_GROUPS,
+ // $conf->global->LDAP_GROUP_FIELD_NAME,
+ $conf->global->LDAP_GROUP_FIELD_DESCRIPTION,
+ $conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS,
+ $conf->global->LDAP_GROUP_FIELD_GROUPID
+ );
+
+ // Remove from required_fields all entries not configured in LDAP (empty) and duplicated
+ $required_fields = array_unique(array_values(array_filter($required_fields, "dol_validElement")));
+
+ // Get from LDAP database an array of results
+ $ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, $required_fields, 'group');
+ //$ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, '', 'group');
+
+ if (is_array($ldapgroups)) {
+ $liste = array();
+ foreach ($ldapgroups as $key => $ldapgroup) {
+ // Define the label string for this user
+ $label = '';
+ foreach ($required_fields as $value) {
+ if ($value) {
+ $label .= $value."=".$ldapgroup[$value]." ";
+ }
+ }
+ $liste[$key] = $label;
+ }
+ } else {
+ setEventMessages($ldap->error, $ldap->errors, 'errors');
+ }
+
+ print "
\n";
+ print "LDAP search for user:
\n";
+ print "search: *
\n";
+ print "userDN: ".$conf->global->LDAP_GROUP_DN."
\n";
+ print "useridentifier: ".$conf->global->LDAP_KEY_GROUPS."
\n";
+ print "required_fields: ".implode(',', $required_fields)."
\n";
+ print "=> ".count($liste)." records
\n";
+ print "\n
";
+ } else {
+ print img_picto('', 'error').' ';
+ print ''.$langs->trans("LDAPSynchroKO");
+ print ': '.$ldap->error;
+ print '
';
+ print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'
';
+ }
+ }
}
// End of page
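Review bot: The search test calls `getRecords()` with `$conf->global->LDAP_KEY_USERS` as the key field, whereas the sync script in this commit passes `LDAP_KEY_GROUPS` and the diagnostic output below prints `LDAP_KEY_GROUPS`, so the test does not exercise the query the synchronisation will run; it should read `$ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 'group');`. `$liste` is assigned only inside `if (is_array($ldapgroups))` but `count($liste)` also runs when the search failed, so move `$liste = array();` above that `if`. The DN, key, field list and `$ldap->error` are printed into the page as-is; wrapping them in `dol_escape_htmltag()` keeps directory- or configuration-supplied text from being interpreted as markup. The specimen `$object` is never used in this branch and the heading still says "LDAP search for user". The enclosing `if (function_exists("ldap_connect"))` opens outside this hunk.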
diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php
index 9963a178d1b..296bfcad852 100644
--- a/htdocs/core/class/ldap.class.php
+++ b/htdocs/core/class/ldap.class.php
@@ -139,6 +139,7 @@ class Ldap
$this->groups = $conf->global->LDAP_GROUP_DN;
$this->filter = $conf->global->LDAP_FILTER_CONNECTION; // Filter on user
+ $this->filtergroup = $conf->global->LDAP_GROUP_FILTER; // Filter on groups
$this->filtermember = $conf->global->LDAP_MEMBER_FILTER; // Filter on member
// Users
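Review bot: `$this->filtergroup` is assigned here, but no matching property declaration appears anywhere in this diff. If the class does not already declare it, this creates a dynamic property, which PHP 8.2 and later report as deprecated. I would add `public $filtergroup;` with a short docblock next to the existing declarations for `$filter` and `$filtermember` (assuming those are declared). The constructor body starts and ends outside this hunk.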
@@ -935,7 +936,7 @@ class Ldap
* @param string $userDn DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)
* @param string $useridentifier Name of key field (Ex: uid)
* @param array $attributeArray Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword)
- * @param int $activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'member'=use field this->filtermember as filter
+ * @param int $activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=user field this->filtergroup as filter, 'member'=use field this->filtermember as filter
* @param array $attributeAsArray Array of fields wanted as an array not a string
* @return array Array of [id_record][ldap_field]=value
*/
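Review bot: The updated `@param` line for `$activefilter` has a typo, `'group'=user field this->filtergroup`, which should read `'group'=use field this->filtergroup as filter`. The tag also still declares the parameter as `int` although the documented values are strings and the callers in this commit pass `'group'`; `@param int|string $activefilter` would match actual usage. The docblock begins outside this hunk.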
@@ -955,6 +956,8 @@ class Ldap
if (!empty($activefilter)) {
if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) {
$filter = '('.$this->filter.')';
+ } elseif (((string) $activefilter == 'group') && $this->filtergroup ) {
+ $filter = '('.$this->filtergroup.')';
} elseif (((string) $activefilter == 'member') && $this->filter) {
$filter = '('.$this->filtermember.')';
} else {
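Review bot: The new `'group'` branch wraps `$this->filtergroup` in parentheses and uses it as the search filter with no syntax validation, so a malformed or overly broad value only surfaces at search time. Because `sync_groups_ldap2dolibarr.php` now passes `'group'`, this string decides which directory groups are imported into Dolibarr. I would validate the value when it is saved (balanced parentheses, non-empty after trimming) and log the effective filter here so an unexpected sync result can be traced. The next context line tests `$this->filter` but then uses `$this->filtermember`; the new branch gets this right, and the member branch should probably read `&& $this->filtermember`. The enclosing method continues past the end of this hunk.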
diff --git a/htdocs/core/modules/modLdap.class.php b/htdocs/core/modules/modLdap.class.php
index 5f4860d0149..8e3463ff4d4 100644
--- a/htdocs/core/modules/modLdap.class.php
+++ b/htdocs/core/modules/modLdap.class.php
@@ -85,6 +85,7 @@ class modLdap extends DolibarrModules
11=>array('LDAP_FIELD_PHONE', 'chaine', 'telephonenumber', '', 0),
12=>array('LDAP_FIELD_FAX', 'chaine', 'facsimiletelephonenumber', '', 0),
13=>array('LDAP_FIELD_MOBILE', 'chaine', 'mobile', '', 0),
+ 14=>array('LDAP_GROUP_FILTER', 'chaine', '&(objectClass=groupOfNames)', '', 0),
);
// Boxes
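Review bot: The default registered here is `&(objectClass=groupOfNames)`, but the example string this commit adds to `admin.lang` shows `&(objectClass=groupOfUsers)`; one of the two should change so the hint matches the default. Since `getRecords()` uses this filter whenever it is non-empty, shipping a default presumably means directories whose groups use a different object class match no groups until an administrator edits the setting. Either document that in the module setup notes or leave the default empty so the `(key=*)` fallback still applies. The constant array starts outside this hunk.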
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 6b481e1357b..a94eaa75dcf 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -1512,6 +1512,7 @@ LDAPFieldLoginUnix=Login (unix)
LDAPFieldLoginExample=Example: uid
LDAPFilterConnection=Search filter
LDAPFilterConnectionExample=Example: &(objectClass=inetOrgPerson)
+LDAPGroupFilterExample=Example: &(objectClass=groupOfUsers)
LDAPFieldLoginSamba=Login (samba, activedirectory)
LDAPFieldLoginSambaExample=Example: samaccountname
LDAPFieldFullname=Full name
diff --git a/scripts/user/sync_groups_ldap2dolibarr.php b/scripts/user/sync_groups_ldap2dolibarr.php
index af0b117bb5e..f9725067762 100755
--- a/scripts/user/sync_groups_ldap2dolibarr.php
+++ b/scripts/user/sync_groups_ldap2dolibarr.php
@@ -97,7 +97,11 @@ print "port=".$conf->global->LDAP_SERVER_PORT."\n";
print "login=".$conf->global->LDAP_ADMIN_DN."\n";
print "pass=".preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)."\n";
print "DN to extract=".$conf->global->LDAP_GROUP_DN."\n";
-print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n";
+if (!empty($conf->global->LDAP_GROUP_FILTER)) {
+ print 'Filter=('.$conf->global->LDAP_GROUP_FILTER.')'."\n"; // Note: filter is defined into function getRecords
+} else {
+ print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n";
+}
print "----- To Dolibarr database:\n";
print "type=".$conf->db->type."\n";
print "host=".$conf->db->host."\n";
@@ -127,7 +131,7 @@ if ($result >= 0) {
// We disable synchro Dolibarr-LDAP
$conf->global->LDAP_SYNCHRO_ACTIVE = 0;
- $ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 0, array($conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS));
+ $ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 'group', array($conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS));
if (is_array($ldaprecords)) {
$db->begin();