Deon George
ef355e8193
Logins are now allowed for any objectClass unless LDAP_LOGIN_OBJECTCLASS is defined, which should be an array of allowed objectClasses (any match). Improvement for #245
<?php
namespace App\Ldap\Rules;
use Illuminate\Database\Eloquent\Model as Eloquent;
use LdapRecord\Laravel\Auth\Rule;
use LdapRecord\Models\Model as LdapRecord;
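/**
 * Login rule that restricts authentication by LDAP objectClass.
 *
 * When config('ldap.login.objectclass') holds a non-empty value, the user must
 * carry at least one of the listed objectClasses (any match) to log in. The
 * original note ties this setting to LDAP_LOGIN_OBJECTCLASS.
 *
 * NOTE: this rule fails open by design. When the setting is unset or empty,
 * every user is allowed through this rule, so deployments that need to limit
 * who may log in must set it explicitly.
 *
 * @see User::$objectClasses
 */
class LoginObjectclassRule implements Rule
{
    /**
     * Decide whether the LDAP user may log in.
     *
     * @param LdapRecord   $user  The LDAP entry being authenticated.
     * @param Eloquent|null $model Unused by this rule.
     * @return bool TRUE when no restriction is configured, or when the user has
     *              at least one of the configured objectClasses; FALSE otherwise.
     */
    public function passes(LdapRecord $user, Eloquent $model = null): bool
    {
        $allowed = config('ldap.login.objectclass');

        // Nothing configured (unset, empty string or empty array): allow the user to login
        if (! $allowed) {
            return TRUE;
        }

        // A restriction is in force. If the entry exposes no usable objectclass
        // list (e.g. the attribute is absent), nothing can match: deny rather
        // than let array_intersect() raise a TypeError during login.
        $present = $user->objectclass;
        if (! is_array($present)) {
            return FALSE;
        }

        // objectClass names are matched case-insensitively in LDAP, so compare
        // lowercased. A scalar setting is treated as a one-element list.
        $normalise = static fn ($name): string => strtolower((string) $name);

        $matches = array_intersect(
            array_map($normalise, $present),
            array_map($normalise, (array) $allowed)
        );

        // Return a real boolean instead of relying on int-to-bool coercion
        return count($matches) > 0;
    }
}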