diff --git a/src/main/java/org/codelibs/fess/Constants.java b/src/main/java/org/codelibs/fess/Constants.java
index 1302b4a2e38b5732eab751e670a03e8555a8f040..5e528bc97102696b1084c5f05b07ef1284ba68f4 100644
--- a/src/main/java/org/codelibs/fess/Constants.java
+++ b/src/main/java/org/codelibs/fess/Constants.java
@@ -368,4 +368,6 @@ public class Constants extends CoreLibConstants {
public static final String LDAP_SECURITY_AUTHENTICATION = "ldap.security.authentication";
public static final String LDAP_INITIAL_CONTEXT_FACTORY = "ldap.initial.context.factory";
+
+ public static final String LDAP_ACCOUNT_FILTER = "ldap.account.filter";
}
diff --git a/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java b/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java
index ba737d45d735b07a64fc1ece16566598d1800788..c1e5fdd96c2102210ceba7f3618bcf472e830666 100644
--- a/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java
+++ b/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java
@@ -163,6 +163,7 @@ public class AdminGeneralAction extends FessAdminAction {
updateProperty(Constants.LDAP_PROVIDER_URL, form.ldapProviderUrl);
updateProperty(Constants.LDAP_SECURITY_PRINCIPAL, form.ldapSecurityPrincipal);
updateProperty(Constants.LDAP_BASE_DN, form.ldapBaseDn);
+ updateProperty(Constants.LDAP_ACCOUNT_FILTER, form.ldapAccountFilter);
crawlerProperties.store();
saveInfo(messages -> messages.addSuccessUpdateCrawlerParams(GLOBAL));
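Review bot: `form.ldapAccountFilter` is persisted as-is by `updateProperty(Constants.LDAP_ACCOUNT_FILTER, form.ldapAccountFilter)`, and the only constraint on the field in EditForm is `@Size(max = 1000)`, yet LdapManager later uses the value as a `String.format` template. A value with a stray `%` or a specifier other than `%s` would throw `IllegalFormatException` during role lookup, and a value with no `%s` at all produces a filter that does not depend on the user name. I would validate before saving: accept the value only if it is blank or contains exactly one `%s` and no other `%`, and report the error on the `ldapAccountFilter` field. The enclosing method starts outside this hunk, so how validation errors are surfaced there is not visible.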
@@ -201,6 +202,7 @@ public class AdminGeneralAction extends FessAdminAction {
form.ldapProviderUrl = crawlerProperties.getProperty(Constants.LDAP_PROVIDER_URL, StringUtil.EMPTY);
form.ldapSecurityPrincipal = crawlerProperties.getProperty(Constants.LDAP_SECURITY_PRINCIPAL, StringUtil.EMPTY);
form.ldapBaseDn = crawlerProperties.getProperty(Constants.LDAP_BASE_DN, StringUtil.EMPTY);
+ form.ldapAccountFilter = crawlerProperties.getProperty(Constants.LDAP_ACCOUNT_FILTER, StringUtil.EMPTY);
}
private void updateProperty(final String key, final String value) {
diff --git a/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java b/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java
index a5b5038e07a9f7d9b4a9a6b0a1da7b55d27958ce..82cdc090c5f323b679dbab8221b9074712cc72f4 100644
--- a/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java
+++ b/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java
@@ -124,4 +124,7 @@ public class EditForm implements Serializable {
@Size(max = 1000)
public String ldapBaseDn;
+
+ @Size(max = 1000)
+ public String ldapAccountFilter;
}
diff --git a/src/main/java/org/codelibs/fess/ldap/LdapManager.java b/src/main/java/org/codelibs/fess/ldap/LdapManager.java
index 2e4f2933d0710c5b0d9b3e7d5cecb4cc970a7cb1..3e6c8cbe834770d6759ad422005fd0fe32137888 100644
--- a/src/main/java/org/codelibs/fess/ldap/LdapManager.java
+++ b/src/main/java/org/codelibs/fess/ldap/LdapManager.java
@@ -80,15 +80,16 @@ public class LdapManager {
return new LdapUser(env, username);
}
- public String[] getRoles(final LdapUser ldapUser, String bindDn) {
- final List<String> rolelist = new ArrayList<String>();
+ public String[] getRoles(final LdapUser ldapUser, String bindDn, String accountFilter) {
+ final List<String> roleList = new ArrayList<String>();
DirContext ctx = null;
try {
ctx = new InitialDirContext(ldapUser.getEnvironment());
- //set search conditions
- final String filter = "cn=" + ldapUser.getName();
+ // LDAP: cn=%s
+ // AD: (&(objectClass=user)(sAMAccountName=%s))
+ final String filter = String.format(accountFilter, ldapUser.getName());
final SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
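Review bot: `ldapUser.getName()` is placed into the search filter unescaped at `String.format(accountFilter, ldapUser.getName())`, so a login name containing `*`, `(`, `)` or `\` is read as filter syntax instead of being matched literally. The removed concatenation had the same gap, but the new code is the place to close it, since the filter now decides which entry's roles are returned. Escape the value per RFC 4515 before formatting, as in the helper below. getRoles continues past this hunk, so whether its catch block handles an `IllegalFormatException` from a malformed template is not visible here.

```java
// … unchanged: context creation …
final String filter = String.format(accountFilter, escapeFilterValue(ldapUser.getName()));
// … unchanged: search controls, search call and result handling …

// RFC 4515 escaping for a value placed inside an LDAP search filter.
private static String escapeFilterValue(final String value) {
    final StringBuilder buf = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        final char c = value.charAt(i);
        switch (c) {
        case '\\':
            buf.append("\\5c");
            break;
        case '*':
            buf.append("\\2a");
            break;
        case '(':
            buf.append("\\28");
            break;
        case ')':
            buf.append("\\29");
            break;
        case '\0':
            buf.append("\\00");
            break;
        default:
            buf.append(c);
        }
    }
    return buf.toString();
}
```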
@@ -119,7 +120,7 @@ public class LdapManager {
strTmp = strTmp.substring(strStart, strEnd);
- rolelist.add(strTmp);
+ roleList.add(strTmp);
}
}
}
@@ -136,6 +137,6 @@ public class LdapManager {
}
}
- return rolelist.toArray(new String[rolelist.size()]);
+ return roleList.toArray(new String[roleList.size()]);
}
}
diff --git a/src/main/java/org/codelibs/fess/ldap/LdapUser.java b/src/main/java/org/codelibs/fess/ldap/LdapUser.java
index 48a553922627f1e7e27148b47f9cd9f7e90ff8d3..c143c0e14f40878a6d747ddbda740ef98a4664a9 100644
--- a/src/main/java/org/codelibs/fess/ldap/LdapUser.java
+++ b/src/main/java/org/codelibs/fess/ldap/LdapUser.java
@@ -19,7 +19,6 @@ import java.util.Hashtable;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.entity.FessUser;
-import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.util.ComponentUtil;
public class LdapUser implements FessUser {
@@ -46,8 +45,9 @@ public class LdapUser implements FessUser {
public String[] getRoleNames() {
if (roles == null) {
final String baseDn = ComponentUtil.getFessConfig().getLdapBaseDn();
- if (StringUtil.isNotBlank(baseDn)) {
- roles = ComponentUtil.getLdapManager().getRoles(this, baseDn);
+ final String accountFilter = ComponentUtil.getFessConfig().getLdapAccountFilter();
+ if (StringUtil.isNotBlank(baseDn) && StringUtil.isNotBlank(accountFilter)) {
+ roles = ComponentUtil.getLdapManager().getRoles(this, baseDn, accountFilter);
}
}
return roles;
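Review bot: With the added `StringUtil.isNotBlank(accountFilter)` condition, an installation that has a base DN configured but no `ldap.account.filter` value stored skips the lookup entirely, so `roles` stays null; presumably that is every existing install right after upgrading, where the old code searched with `"cn=" + name`. If dropping roles silently is not intended, keep the condition on `baseDn` only and fall back to the previous filter: `final String filter = StringUtil.isNotBlank(accountFilter) ? accountFilter : "cn=%s";`. The method also returns null rather than an empty array in the skipped case, which callers outside this hunk may not expect. The method's closing brace lies outside the hunk.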
diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
index e0f2c23c7454d97993ca195d3634ad4a00639052..d27cbc64dd4888ccc2fa1b4b74d48c99ed44fbab 100644
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
@@ -47,4 +47,8 @@ public interface FessProp {
public default String getLdapBaseDn() {
return getProperty(Constants.LDAP_BASE_DN);
}
+
+ public default String getLdapAccountFilter() {
+ return getProperty(Constants.LDAP_ACCOUNT_FILTER);
+ }
}
diff --git a/src/main/resources/fess_label.properties b/src/main/resources/fess_label.properties
index e053a6a8ed04471da8c4d4d122217907e6bdf253..68dbe7b14aa05dc2c37197699835d8a7e41eaeed 100644
--- a/src/main/resources/fess_label.properties
+++ b/src/main/resources/fess_label.properties
@@ -136,6 +136,7 @@ labels.ex_q=Extended Query
labels.ldapProviderUrl=LDAP URL
labels.ldapSecurityPrincipal=Bind DN
labels.ldapBaseDn=Base DN
+labels.ldapAccountFilter=Account Filter
labels.menu_system=System
labels.menu_wizard=Wizard
@@ -661,4 +662,5 @@ labels.general_menu_ldap=LDAP
labels.ldap_provider_url=LDAP URL
labels.ldap_security_principal=Bind DN
labels.ldap_base_dn=Base DN
+labels.ldap_account_filter=Account Filter
labels.send_testmail=Send TestMail
diff --git a/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp b/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp
index b1ca3f7643d54fa82043d8cbb0f6f1a824c6868c..5be26996898922dfdc2349441e2297c61fcfa023 100644
--- a/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp
+++ b/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp
@@ -320,6 +320,16 @@
styleClass="form-control" />
</div>
</div>
+ <div class="form-group">
+ <label for="ldapAccountFilter"
+ class="col-sm-3 control-label"><la:message
+ key="labels.ldap_account_filter" /></label>
+ <div class="col-sm-9">
+ <la:errors property="ldapAccountFilter" />
+ <la:text property="ldapAccountFilter"
+ styleClass="form-control" />
+ </div>
+ </div>
</div>
<!-- /.box-body -->
<div class="box-footer">