[LIMS-1636] Make LDAP server ID field configurable (#934)

gfrn · web-flow · commit 719d2a50e135 · 2025-05-27T10:34:07.000+01:00
* Make LDAP searches more configurable

* Include ldap_id_field in globals
diff --git a/api/config_sample.php b/api/config_sample.php
@@ -40,6 +40,8 @@
     # CAS CA Cert (for SSO)
     $cacert = '/etc/certs/ca-bundle.crt';
 
+    # Field to get user ID from in LDAP
+    $ldap_id_field = "cn";
     # ldap server, used for lookup and authentication (if using, set to null if not)
     # Update the ldap(s) prefix, hostname and search settings as required
     $ldap_server = 'ldaps://ldap.example.com';
diff --git a/api/src/Page.php b/api/src/Page.php
@@ -758,7 +758,9 @@ function bcr()
      */
     function _get_name($fedid)
     {
-        $src = $this->_ldap_search('uid=' . $fedid);
+        global $ldap_id_field;
+
+        $src = $this->_ldap_search($ldap_id_field . '=' . $fedid);
         return array_key_exists($fedid, $src) ? $src[$fedid] : '';
     }
 
@@ -770,7 +772,9 @@ function _get_name($fedid)
      */
     function _get_email($fedid)
     {
-        $src = $this->_ldap_search('uid=' . $fedid, True);
+        global $ldap_id_field;
+
+        $src = $this->_ldap_search($ldap_id_field . '=' . $fedid, True);
         return array_key_exists($fedid, $src) ? $src[$fedid] : $fedid;
     }
 
@@ -853,12 +857,12 @@ function _get_ispyb_email_fn($name)
      * Search LDAP for name or email
      *
      * @param boolean $email Search for an email adddress if true, search for name if false
-     * @param string $search ldap query, typically uid=fedid or name search
+     * @param string $search ldap query, typically cn=fedid or name search
      * @return array Returns array of results, either fedid=>emailAddresses or fedid=>"givenname sn" from ldap records
      */
     function _ldap_search($search, $email = False)
     {
-        global $ldap_server, $ldap_search;
+        global $ldap_server, $ldap_search, $ldap_id_field;
 
         $ret = array();
         if (is_null($ldap_server)) {
@@ -881,7 +885,7 @@ function _ldap_search($search, $email = False)
             {
                 // Strictly speaking we could set anything as the key here, since only the first record is used in e.g. _get_email_fn
                 // But as the logic maps fedid=>email, use similar keys here
-                $fedid = $info[$i]['uid'][0];
+                $fedid = $info[$i][$ldap_id_field][0];
                 if ($email)
                 {
                     $ret[$fedid] = array_key_exists('mail', $info[$i]) ? $info[$i]['mail'][0] : '';

Original file line number	Diff line number	Diff line change
`@@ -758,7 +758,9 @@ function bcr()`
`758`	`758`	`*/`
`759`	`759`	`function _get_name($fedid)`
`760`	`760`	`{`
`761`		`- $src = $this->_ldap_search('uid=' . $fedid);`
	`761`	`+ global $ldap_id_field;`
	`762`	`+`
	`763`	`+ $src = $this->_ldap_search($ldap_id_field . '=' . $fedid);`
`762`	`764`	`return array_key_exists($fedid, $src) ? $src[$fedid] : '';`
`763`	`765`	`}`
`764`	`766`
`@@ -770,7 +772,9 @@ function _get_name($fedid)`
`770`	`772`	`*/`
`771`	`773`	`function _get_email($fedid)`
`772`	`774`	`{`
`773`		`- $src = $this->_ldap_search('uid=' . $fedid, True);`
	`775`	`+ global $ldap_id_field;`
	`776`	`+`
	`777`	`+ $src = $this->_ldap_search($ldap_id_field . '=' . $fedid, True);`
`774`	`778`	`return array_key_exists($fedid, $src) ? $src[$fedid] : $fedid;`
`775`	`779`	`}`
`776`	`780`
`@@ -853,12 +857,12 @@ function _get_ispyb_email_fn($name)`
`853`	`857`	`* Search LDAP for name or email`
`854`	`858`	`*`
`855`	`859`	`* @param boolean $email Search for an email adddress if true, search for name if false`
`856`		`- * @param string $search ldap query, typically uid=fedid or name search`
	`860`	`+ * @param string $search ldap query, typically cn=fedid or name search`
`857`	`861`	`* @return array Returns array of results, either fedid=>emailAddresses or fedid=>"givenname sn" from ldap records`
`858`	`862`	`*/`
`859`	`863`	`function _ldap_search($search, $email = False)`
`860`	`864`	`{`
`861`		`- global $ldap_server, $ldap_search;`
	`865`	`+ global $ldap_server, $ldap_search, $ldap_id_field;`
`862`	`866`
`863`	`867`	`$ret = array();`
`864`	`868`	`if (is_null($ldap_server)) {`
`@@ -881,7 +885,7 @@ function _ldap_search($search, $email = False)`
`881`	`885`	`{`
`882`	`886`	`// Strictly speaking we could set anything as the key here, since only the first record is used in e.g. _get_email_fn`
`883`	`887`	`// But as the logic maps fedid=>email, use similar keys here`
`884`		`- $fedid = $info[$i]['uid'][0];`
	`888`	`+ $fedid = $info[$i][$ldap_id_field][0];`
`885`	`889`	`if ($email)`
`886`	`890`	`{`
`887`	`891`	`$ret[$fedid] = array_key_exists('mail', $info[$i]) ? $info[$i]['mail'][0] : '';`