Matt Ryall avatar Matt Ryall committed 7fc7578 Draft

#3: Use group object filter setting in LDAP queries

Comments (0)

Files changed (2)


 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.filter.AndFilter;
 import org.springframework.ldap.filter.EqualsFilter;
+import org.springframework.ldap.filter.HardcodedFilter;
 import org.springframework.ldap.filter.OrFilter;
     private final String tokenGroupsAttribute;
     private final String additionalGroupDn;
     private final String groupObjectClass;
+    private final String groupObjectFilter;
     public TokenGroupsSearcher(MicrosoftActiveDirectory activeDirectory, TokenGroupsGroupContextMapper groupContextMapper,
         TokenGroupsSettingsManager settingsManager)
         this.tokenGroupsAttribute = settingsManager.getTokenGroupsAttribute();
         this.additionalGroupDn = settingsManager.getAdditionalGroupDn();
         this.groupObjectClass = settingsManager.getGroupObjectClass();
+        this.groupObjectFilter = settingsManager.getGroupObjectFilter();
     private List<LDAPGroupWithAttributes> findGroupsWithSids(List<String> groupSids)
-        String filter = getGroupFilter(groupObjectClass, groupSids);
+        String filter = getGroupFilter(groupObjectClass, groupObjectFilter, groupSids);
         String groupBaseDn = getGroupBaseDn();
         SearchControls searchControls = getSearchControls();
         return searcher.pageSearchResults(groupBaseDn, filter, searchControls, groupContextMapper, PagedLdapSearcher.ALL_RESULTS);
-    static String getGroupFilter(String groupObjectClass, List<String> groupSids)
+    static String getGroupFilter(String groupObjectClass, String groupObjectFilter, List<String> groupSids)
         OrFilter groupSidFilter = new OrFilter();
         for (String sid : groupSids)
         AndFilter filter = new AndFilter();
         filter.and(new EqualsFilter("objectClass", groupObjectClass));
+        filter.and(new HardcodedFilter(groupObjectFilter));
         return filter.encode();


     public void testGetGroupFilter() throws Exception
-        String filter = TokenGroupsSearcher.getGroupFilter("foo", asList("bar", "baz"));
-        assertEquals("(&(objectClass=foo)(|(objectSid=bar)(objectSid=baz)))", filter);
+        String filter = TokenGroupsSearcher.getGroupFilter("foo", "(objectCategory=group)", asList("bar", "baz"));
+        assertEquals("(&(objectClass=foo)(objectCategory=group)(|(objectSid=bar)(objectSid=baz)))", filter);
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.