
NEW: ldap: filter search on usergroups

Marc de Lima Lucio пре 4 година
родитељ
комит
f731545af4

+ 78 - 2
htdocs/admin/ldap_groups.php

@@ -57,7 +57,9 @@ if ($action == 'setvalue' && $user->admin) {
 	if (!dolibarr_set_const($db, 'LDAP_GROUP_OBJECT_CLASS', GETPOST("objectclass", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
 		$error++;
 	}
-
+	if (!dolibarr_set_const($db, 'LDAP_GROUP_FILTER', GETPOST("filter"), 'chaine', 0, '', $conf->entity)) {
+	    $error++;
+	}
 	if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_FULLNAME', GETPOST("fieldfullname", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
 		$error++;
 	}
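Review bot: `GETPOST("filter")` on the new `LDAP_GROUP_FILTER` line is the only visible `GETPOST` call in this hunk without a check argument, so the value is stored under whatever default sanitisation applies. Pass the check explicitly, for example `GETPOST("filter", 'alphanohtml')` as the neighbouring lines do, after confirming that this check leaves the filter characters `&`, `|`, `!`, `(`, `)`, `=` and `*` intact. The stored value is later concatenated into the LDAP search filter and echoed back into the settings form, so what is accepted here matters in both places. The three added lines are also indented with a tab plus spaces where the surrounding code uses tabs only.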
@@ -141,6 +143,13 @@ print '</td><td>'.$langs->trans("LDAPGroupObjectClassListExample").'</td>';
 print '<td>&nbsp;</td>';
 print '</tr>';
 
+// Filter, used to filter search
+print '<tr class="oddeven"><td>'.$langs->trans("LDAPFilterConnection").'</td><td>';
+print '<input size="48" type="text" name="filter" value="'.$conf->global->LDAP_GROUP_FILTER.'">';
+print '</td><td>'.$langs->trans("LDAPGroupFilterExample").'</td>';
+print '<td></td>';
+print '</tr>';
+
 print '</table>';
 print '<br>';
 print '<table class="noborder centpercent">';
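Review bot: The stored filter is written into the `value` attribute of the new `<input ... name="filter">` line without HTML escaping, so a value containing a double quote or angle bracket ends the attribute and is rendered as markup on the admin page. Escape it on output and guard the unset case: `value="'.(empty($conf->global->LDAP_GROUP_FILTER) ? '' : dol_escape_htmltag($conf->global->LDAP_GROUP_FILTER)).'"`. The row label reuses `LDAPFilterConnection`, which is the label of the user filter; a group-specific key would avoid two rows with the same caption if both filters are ever shown together.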
@@ -212,10 +221,17 @@ if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') {
 	$objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS;
 
 	show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass);
+} elseif ($conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') {
+    $butlabel = $langs->trans("LDAPTestSearch");
+    $testlabel = 'testsearchgroup';
+    $key = $conf->global->LDAP_KEY_GROUPS;
+    $dn = $conf->global->LDAP_GROUP_DN;
+    $objectclass = $conf->global->LDAP_GROUP_OBJECT_CLASS;
+    show_ldap_test_button($butlabel, $testlabel, $key, $dn, $objectclass);
 }
 
 if (function_exists("ldap_connect")) {
-	if ($_GET["action"] == 'testgroup') {
+	if ($action == 'testgroup') {
 		// Creation objet
 		$object = new UserGroup($db);
 		$object->initAsSpecimen();
@@ -260,6 +276,66 @@ if (function_exists("ldap_connect")) {
 			print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'<br>';
 		}
 	}
+
+	if ($action == 'testsearchgroup') {
+	    // Creation objet
+	    $object = new UserGroup($db);
+	    $object->initAsSpecimen();
+
+	    // TODO Mutualize code following with other ldap_xxxx.php pages
+
+	    // Test synchro
+	    $ldap = new Ldap();
+	    $result = $ldap->connect_bind();
+
+	    if ($result > 0) {
+	        $required_fields = array(
+	            $conf->global->LDAP_KEY_GROUPS,
+	            // $conf->global->LDAP_GROUP_FIELD_NAME,
+	            $conf->global->LDAP_GROUP_FIELD_DESCRIPTION,
+	            $conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS,
+	            $conf->global->LDAP_GROUP_FIELD_GROUPID
+	        );
+
+	        // Remove from required_fields all entries not configured in LDAP (empty) and duplicated
+	        $required_fields = array_unique(array_values(array_filter($required_fields, "dol_validElement")));
+
+	        // Get from LDAP database an array of results
+	        $ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, $required_fields, 'group');
+	        //$ldapgroups = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_USERS, '', 'group');
+
+	        if (is_array($ldapgroups)) {
+	            $liste = array();
+	            foreach ($ldapgroups as $key => $ldapgroup) {
+	                // Define the label string for this user
+	                $label = '';
+	                foreach ($required_fields as $value) {
+	                    if ($value) {
+	                        $label .= $value."=".$ldapgroup[$value]." ";
+	                    }
+	                }
+	                $liste[$key] = $label;
+	            }
+	        } else {
+	            setEventMessages($ldap->error, $ldap->errors, 'errors');
+	        }
+
+	        print "<br>\n";
+	        print "LDAP search for user:<br>\n";
+	        print "search: *<br>\n";
+	        print "userDN: ".$conf->global->LDAP_GROUP_DN."<br>\n";
+	        print "useridentifier: ".$conf->global->LDAP_KEY_GROUPS."<br>\n";
+	        print "required_fields: ".implode(',', $required_fields)."<br>\n";
+	        print "=> ".count($liste)." records<br>\n";
+	        print "\n<br>";
+	    } else {
+	        print img_picto('', 'error').' ';
+	        print '<font class="error">'.$langs->trans("LDAPSynchroKO");
+	        print ': '.$ldap->error;
+	        print '</font><br>';
+	        print $langs->trans("ErrorLDAPMakeManualTest", $conf->ldap->dir_temp).'<br>';
+	    }
+	}
 }
 
 // End of page
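Review bot: The `getRecords()` call in the `testsearchgroup` block passes `$conf->global->LDAP_KEY_USERS` as the key field, while `$required_fields`, the printed `useridentifier` line and the call in scripts/user/sync_groups_ldap2dolibarr.php all use `LDAP_KEY_GROUPS`. This looks like a leftover from the user test page and means the test may not run the same search as the real sync; the third argument should be `$conf->global->LDAP_KEY_GROUPS`. `$liste` is assigned only when `getRecords()` returns an array, yet `count($liste)` also runs on the error path, so add `$liste = array();` before `if (is_array($ldapgroups))`. The diagnostic `print` lines and `$ldap->error` are written into the page without `dol_escape_htmltag()`, and the text still says "LDAP search for user" and "userDN" although groups are being searched.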

+ 4 - 1
htdocs/core/class/ldap.class.php

@@ -139,6 +139,7 @@ class Ldap
 		$this->groups              = $conf->global->LDAP_GROUP_DN;
 
 		$this->filter              = $conf->global->LDAP_FILTER_CONNECTION; // Filter on user
+		$this->filtergroup         = $conf->global->LDAP_GROUP_FILTER; // Filter on groups
 		$this->filtermember        = $conf->global->LDAP_MEMBER_FILTER; // Filter on member
 
 		// Users
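Review bot: `$this->filtergroup` is assigned here, but no declaration of that property is visible in this diff. If the class does not already declare it, add `public $filtergroup;` next to the declarations of `$filter` and `$filtermember`, with a docblock such as `@var string Search filter for groups, without the outer parentheses`; properties created on assignment are deprecated as of PHP 8.2. The constructor this line belongs to starts and ends outside the hunk.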
@@ -935,7 +936,7 @@ class Ldap
 	 *	@param	string	$userDn			 	DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)
 	 *	@param	string	$useridentifier 	Name of key field (Ex: uid)
 	 *	@param	array	$attributeArray 	Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword)
-	 *	@param	int		$activefilter		'1' or 'user'=use field this->filter as filter instead of parameter $search, 'member'=use field this->filtermember as filter
+	 *	@param	int		$activefilter		'1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=user field this->filtergroup as filter, 'member'=use field this->filtermember as filter
 	 *	@param	array	$attributeAsArray 	Array of fields wanted as an array not a string
 	 *	@return	array						Array of [id_record][ldap_field]=value
 	 */
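Review bot: The new `'group'` entry in the `$activefilter` description reads `'group'=user field this->filtergroup`, which should be `'group'=use field this->filtergroup`. The tag also still declares the parameter as `int` although the documented values are the strings `'user'`, `'group'` and `'member'`; `@param int|string $activefilter` would match what callers now pass. The docblock and the function it documents both extend beyond this hunk.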
@@ -955,6 +956,8 @@ class Ldap
 		if (!empty($activefilter)) {
 			if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) {
 				$filter = '('.$this->filter.')';
+			} elseif (((string) $activefilter == 'group') && $this->filtergroup ) {
+			    $filter = '('.$this->filtergroup.')';
 			} elseif (((string) $activefilter == 'member') && $this->filter) {
 				$filter = '('.$this->filtermember.')';
 			} else {
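Review bot: The new `'group'` branch concatenates `$this->filtergroup` into the search filter with nothing but the outer parentheses added, so a saved value with unbalanced parentheses, or one that already includes the outer pair, produces a filter the server rejects. Validate the format when the setting is saved, and state the expected format here with a comment such as `// $this->filtergroup is admin-configured and inserted verbatim: a complete filter body without the outer parentheses`. The condition has a stray space before the closing parenthesis and can be written `} elseif ((string) $activefilter == 'group' && $this->filtergroup) {`. The unchanged `'member'` branch just below tests `$this->filter` but uses `$this->filtermember`; the commit does not touch it, but the guard probably should read `&& $this->filtermember`. The function body continues outside the hunk, so what the final `else` does when the group filter is empty is not visible here.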

+ 1 - 0
htdocs/core/modules/modLdap.class.php

@@ -85,6 +85,7 @@ class modLdap extends DolibarrModules
 		11=>array('LDAP_FIELD_PHONE', 'chaine', 'telephonenumber', '', 0),
 		12=>array('LDAP_FIELD_FAX', 'chaine', 'facsimiletelephonenumber', '', 0),
 		13=>array('LDAP_FIELD_MOBILE', 'chaine', 'mobile', '', 0),
+		14=>array('LDAP_GROUP_FILTER', 'chaine', '&(objectClass=groupOfNames)', '', 0),
 		);
 
 		// Boxes
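Review bot: The default `&(objectClass=groupOfNames)` added at index 14 hard-codes an object class although `LDAP_GROUP_OBJECT_CLASS` is configured separately on the admin page. A directory that uses another group class would presumably return no groups from the filtered search until the filter is edited. The example string added to admin.lang in this commit names `groupOfUsers`, which does not match this default; use one class name in both places. A comment such as `// Default group search filter, stored without the outer parentheses (getRecords() adds them)` would document the expected format.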

+ 1 - 0
htdocs/langs/en_US/admin.lang

@@ -1512,6 +1512,7 @@ LDAPFieldLoginUnix=Login (unix)
 LDAPFieldLoginExample=Example: uid
 LDAPFilterConnection=Search filter
 LDAPFilterConnectionExample=Example: &(objectClass=inetOrgPerson)
+LDAPGroupFilterExample=Example: &(objectClass=groupOfUsers)
 LDAPFieldLoginSamba=Login (samba, activedirectory)
 LDAPFieldLoginSambaExample=Example: samaccountname
 LDAPFieldFullname=Full name

+ 6 - 2
scripts/user/sync_groups_ldap2dolibarr.php

@@ -97,7 +97,11 @@ print "port=".$conf->global->LDAP_SERVER_PORT."\n";
 print "login=".$conf->global->LDAP_ADMIN_DN."\n";
 print "pass=".preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)."\n";
 print "DN to extract=".$conf->global->LDAP_GROUP_DN."\n";
-print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n";
+if (!empty($conf->global->LDAP_GROUP_FILTER)) {
+    print 'Filter=('.$conf->global->LDAP_GROUP_FILTER.')'."\n"; // Note: filter is defined into function getRecords
+} else {
+    print 'Filter=('.$conf->global->LDAP_KEY_GROUPS.'=*)'."\n";
+}
 print "----- To Dolibarr database:\n";
 print "type=".$conf->db->type."\n";
 print "host=".$conf->db->host."\n";
@@ -127,7 +131,7 @@ if ($result >= 0) {
 	// We disable synchro Dolibarr-LDAP
 	$conf->global->LDAP_SYNCHRO_ACTIVE = 0;
 
-	$ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 0, array($conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS));
+	$ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_GROUP_DN, $conf->global->LDAP_KEY_GROUPS, $required_fields, 'group', array($conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS));
 	if (is_array($ldaprecords)) {
 		$db->begin();