Commit bb35303

fix: limit LDAP queries to certain domains (#191)

If no domain with addusers flag exists, ensure LDAP query based on the domain is skipped. We define a special "notempty.invalid" domain name to ensure that the domain filter is always non-empty.

The same workaround is implemented for the addgroups flag. Ensure LDAP queries based on the domain are skipped if no domain has addgroups flag.

Refs NethServer/dev#7385

1 parent f9dd8d4 commit bb35303

6 files changed

+6
-6
lines changed

postfix/usr/local/lib/templates/laddgroupmembers-ad.cf

Lines changed: 1 addition & 1 deletion
@@ -13,4 +13,4 @@ query_filter = (&(objectClass=group)(sAMAccountName=%u)(groupType:1.2.840.113556
1313
result_attribute = sAMAccountName
1414
special_result_attribute = member
1515
leaf_result_attribute = sAMAccountName
16-
domain = ${tmpl_laddgroups_domains}
16+
domain = ${tmpl_laddgroups_domains} notempty.invalid
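
Review bot: the new `domain` line introduces a magic value with no explanation in the template itself; the reason for `notempty.invalid` lives only in the commit message. Add a comment line above `domain = ${tmpl_laddgroups_domains} notempty.invalid` saying that the placeholder keeps the domain filter non-empty, so that LDAP lookups are skipped when no domain has the addgroups flag, and that it sits under the reserved `.invalid` TLD and can never be a real mail domain.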

postfix/usr/local/lib/templates/laddgroupmembers-rfc2307.cf

Lines changed: 1 addition & 1 deletion
@@ -11,4 +11,4 @@ server_port = ${tmpl_ldap_port}
1111
search_base = ${tmpl_ldap_base}
1212
query_filter = (&(objectClass=posixGroup)(cn=%u))
1313
result_attribute = memberUid
14-
domain = ${tmpl_laddgroups_domains}
14+
domain = ${tmpl_laddgroups_domains} notempty.invalid

postfix/usr/local/lib/templates/laddgroups-ad.cf

Lines changed: 1 addition & 1 deletion
@@ -11,4 +11,4 @@ server_port = ${tmpl_ldap_port}
1111
search_base = ${tmpl_ldap_base}
1212
query_filter = (&(objectClass=group)(sAMAccountName=%u)(groupType:1.2.840.113556.1.4.803:=2)(!(isCriticalSystemObject=TRUE)))
1313
result_attribute = sAMAccountName
14-
domain = ${tmpl_laddgroups_domains}
14+
domain = ${tmpl_laddgroups_domains} notempty.invalid
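
Review bot: the literal `notempty.invalid` on the `domain` line is now copy-pasted into all six templates, so a seventh template added later can silently miss it and fall back to an unfiltered lookup. Consider applying the fallback once, where `tmpl_laddgroups_domains` and `tmpl_laddusers_domains` are computed, or exposing the placeholder as a single template variable, so the templates keep the plain `domain = ${tmpl_laddgroups_domains}` form.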

postfix/usr/local/lib/templates/laddgroups-rfc2307.cf

Lines changed: 1 addition & 1 deletion
@@ -11,4 +11,4 @@ server_port = ${tmpl_ldap_port}
1111
search_base = ${tmpl_ldap_base}
1212
query_filter = (&(objectClass=posixGroup)(cn=%u))
1313
result_attribute = cn
14-
domain = ${tmpl_laddgroups_domains}
14+
domain = ${tmpl_laddgroups_domains} notempty.invalid

postfix/usr/local/lib/templates/laddusers-ad.cf

Lines changed: 1 addition & 1 deletion
@@ -11,4 +11,4 @@ server_port = ${tmpl_ldap_port}
1111
search_base = ${tmpl_ldap_base}
1212
query_filter = (&(objectClass=user)(objectCategory=person)(sAMAccountName=%u))
1313
result_attribute = sAMAccountName
14-
domain = ${tmpl_laddusers_domains}
14+
domain = ${tmpl_laddusers_domains} notempty.invalid
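
Review bot: the placeholder on the `domain` line is appended unconditionally, so it also ends up in the rendered map when `tmpl_laddusers_domains` already lists real domains, although the commit message only needs it for the empty case. It is harmless there because nothing is addressed to `notempty.invalid`, but emitting it only when the list is empty would keep the rendered configuration identical to the pre-fix output on systems that have domains with the addusers flag, which makes the change easier to audit.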

postfix/usr/local/lib/templates/laddusers-rfc2307.cf

Lines changed: 1 addition & 1 deletion
@@ -11,4 +11,4 @@ server_port = ${tmpl_ldap_port}
1111
search_base = ${tmpl_ldap_base}
1212
query_filter = (&(objectClass=posixAccount)(objectClass=inetOrgPerson)(uid=%u))
1313
result_attribute = uid
14-
domain = ${tmpl_laddusers_domains}
14+
domain = ${tmpl_laddusers_domains} notempty.invalid
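
Review bot: nothing in this change verifies the behaviour the `domain` line is meant to guarantee, namely that no LDAP query is issued when `tmpl_laddusers_domains` is empty. A regression check that renders this template with an empty domain list and runs `postmap -q` for an address in a domain without the addusers flag, expecting no result and no connection to the LDAP server, would catch a future edit that drops the placeholder.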
