
[Web] add LDAP query filter

FreddleSpl0it 1 年之前
父節點
當前提交
78e7266368

+ 1 - 0
data/web/inc/functions.auth.inc.php

@@ -495,6 +495,7 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
   try {
     $user_res = $iam_provider->query()
       ->where($iam_settings['username_field'], '=', $user)
+      ->whereRaw($iam_settings['filter'])
       ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname'])
       ->firstOrFail();
   } catch (Exception $e) {
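Review bot: The added `->whereRaw($iam_settings['filter'])` runs on every LDAP login even when no filter is configured, because identity_provider() stores an empty string as the default and settings saved before this change may not carry the key at all. Building the query first and appending the clause only for a non-empty value avoids handing an empty or null raw clause to the builder: `$query = $iam_provider->query()->where($iam_settings['username_field'], '=', $user);` followed by `if (!empty($iam_settings['filter'])) { $query->whereRaw($iam_settings['filter']); }`. The value reaches the directory query unescaped, which is tolerable only because it appears to be admin-supplied (the field lives in the admin template), so a one-line comment stating that trust assumption belongs next to the call. It is also worth confirming that this builder's whereRaw accepts a complete filter string rather than a field/operator/value triple. The try block and ldap_mbox_login() itself continue outside the hunk.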

+ 2 - 1
data/web/inc/functions.inc.php

@@ -2189,11 +2189,12 @@ function identity_provider($_action, $_data = null, $_extra = null) {
         case "ldap":
           $_data['port']              = (!empty($_data['port'])) ? intval($_data['port']) : 389;
           $_data['username_field']    = (!empty($_data['username_field'])) ? $_data['username_field'] : "mail";
+          $_data['filter']            = (!empty($_data['filter'])) ? $_data['filter'] : "";
           $_data['periodic_sync']     = isset($_data['periodic_sync']) ? intval($_data['periodic_sync']) : 0;
           $_data['import_users']      = isset($_data['import_users']) ? intval($_data['import_users']) : 0;
           $_data['sync_interval']     = (!empty($_data['sync_interval'])) ? intval($_data['sync_interval']) : 15;
           $_data['sync_interval']     = $_data['sync_interval'] < 1 ? 1 : $_data['sync_interval'];
-          $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval');
+          $required_settings          = array('authsource', 'host', 'port', 'basedn', 'username_field', 'filter', 'attribute_field', 'binddn', 'bindpass', 'periodic_sync', 'import_users', 'sync_interval');
         break;
       }
       
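Review bot: The new `$_data['filter']` is stored exactly as submitted, with no trimming or syntax check, although ldap_mbox_login() later passes it to the query as a raw clause. A stray space or unbalanced parenthesis would presumably surface only as failed LDAP logins. Normalising at save time, e.g. `$_data['filter'] = (!empty($_data['filter'])) ? trim($_data['filter']) : "";`, and rejecting values whose parentheses do not balance would keep a typo from locking users out. Adding 'filter' to `$required_settings` while its default is an empty string also deserves a look: how that list is enforced is outside the hunk, and if the check rejects empty values, saving LDAP settings without a filter would fail. identity_provider() and the surrounding switch start and end outside the hunk.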

+ 1 - 0
data/web/lang/lang.en-gb.json

@@ -199,6 +199,7 @@
         "f2b_regex_info": "Logs taken into consideration: SOGo, Postfix, Dovecot, PHP-FPM.",
         "f2b_retry_window": "Retry window (s) for max. attempts",
         "f2b_whitelist": "Whitelisted networks/hosts",
+        "filter": "Filter",
         "filter_table": "Filter table",
         "forwarding_hosts": "Forwarding Hosts",
         "forwarding_hosts_add_hint": "You can either specify IPv4/IPv6 addresses, networks in CIDR notation, host names (which will be resolved to IP addresses), or domain names (which will be resolved to IP addresses by querying SPF records or, in their absence, MX records).",

+ 6 - 0
data/web/templates/admin/tab-config-identity-provider.twig

@@ -314,6 +314,12 @@
               <input type="text" class="form-control" placeholder="mail" id="iam_ldap_username_field" name="username_field" value="{{ iam_settings.username_field }}">
             </div>
           </div>
+          <div class="row mb-2">
+            <label class="control-label col-md-3 text-sm-end" for="iam_ldap_filter">{{ lang.admin.filter }}:</label>
+            <div class="col-12 col-md-9 col-lg-4">
+              <input type="text" class="form-control" placeholder="" id="iam_ldap_filter" name="filter" value="{{ iam_settings.filter }}">
+            </div>
+          </div>
           <div class="row mb-2">
             <label class="control-label col-md-3 text-sm-end" for="iam_ldap_attribute_field">{{ lang.admin.iam_attribute_field }}:</label>
             <div class="col-12 col-md-9 col-lg-4">
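Review bot: The new `iam_ldap_filter` input gives the admin no hint about the expected syntax: its placeholder is empty and its label is the generic `lang.admin.filter` string, while the neighbouring username field shows `mail` and uses `iam_`-prefixed keys. Since the value is used as a raw LDAP filter at login, an example such as `placeholder="(objectClass=person)"` (constructed sample) would show that a complete, parenthesised filter is expected. A dedicated label key following the `lang.admin.iam_attribute_field` pattern would also help. The enclosing form markup starts and ends outside the hunk.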