From 7a769c50dda1bda0de3254df3b2d12eaefbe6708 Mon Sep 17 00:00:00 2001 From: Ilya Maltsev Date: Mon, 4 Jul 2022 10:17:31 +0300 Subject: [PATCH] Ldap search filter fixing (#438) * fixing config parser * fixing ldapsearchfilter implementing standard logic for ldapsearchfilter - for example: https://github.com/postgres/pgadmin4/blob/master/web/pgadmin/authenticate/ldap.py - def search_ldap_user * add example for ldapsearchfilter * fix format --- config-examples/odyssey-dev-ldap.conf | 1 + sources/config_reader.c | 10 ++++++++-- sources/ldap.c | 11 ++++++----- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/config-examples/odyssey-dev-ldap.conf b/config-examples/odyssey-dev-ldap.conf index 4d849d05..ca4b639b 100644 --- a/config-examples/odyssey-dev-ldap.conf +++ b/config-examples/odyssey-dev-ldap.conf @@ -59,6 +59,7 @@ ldap_endpoint "ldap1" { ldapbasedn "dc=example,dc=org" ldapbinddn "cn=admin,dc=example,dc=org" ldapbindpasswd "admin" +# ldapsearchfilter "(memberOf=cn=test-db-for-ldap,cn=groups,dc=example,dc=org)" ldapsearchattribute "gecos" ldapserver "localhost" ldapport 389 diff --git a/sources/config_reader.c b/sources/config_reader.c index 9494ebf1..2eeed930 100644 --- a/sources/config_reader.c +++ b/sources/config_reader.c @@ -126,7 +126,7 @@ typedef enum { OD_LLDAP_BIND_PASSWD, OD_LLDAP_SCHEME, OD_LLDAP_SCOPE, - OD_LLDAP_FILTER, + OD_LLDAP_SEARCH_FILTER, OD_LLDAP_ENDPOINT_NAME, OD_LWATCHDOG, OD_LWATCHDOG_LAG_QUERY, @@ -274,7 +274,7 @@ static od_keyword_t od_config_keywords[] = { od_keyword("ldapurl", OD_LLDAP_URL), od_keyword("ldapsearchattribute", OD_LLDAP_SEARCH_ATTRIBUTE), od_keyword("ldapscheme", OD_LLDAP_SCHEME), - od_keyword("ldapfilter", OD_LLDAP_FILTER), + od_keyword("ldapsearchfilter", OD_LLDAP_SEARCH_FILTER), od_keyword("ldapscope", OD_LLDAP_SCOPE), od_keyword("ldap_endpoint_name", OD_LLDAP_ENDPOINT_NAME), 
@@ -1464,6 +1464,12 @@ od_config_reader_ldap_endpoint(od_config_reader_t *reader) reader, &ldap_current->ldapbindpasswd)) goto error; + } break; + case OD_LLDAP_SEARCH_FILTER: { + if (!od_config_reader_string( + reader, &ldap_current->ldapsearchfilter)) + goto error; + } break; } } diff --git a/sources/ldap.c b/sources/ldap.c index 47c75a96..7581afcb 100644 --- a/sources/ldap.c +++ b/sources/ldap.c @@ -135,11 +135,7 @@ static inline od_retcode_t od_ldap_server_prepare(od_logger_t *logger, return NOT_OK_RESPONSE; } - /* Build a custom filter or a single attribute filter? */ - if (serv->endpoint->ldapsearchfilter) { - // TODO: support; - return NOT_OK_RESPONSE; - } else if (serv->endpoint->ldapsearchattribute) { + if (serv->endpoint->ldapsearchattribute) { od_asprintf(&filter, "(%s=%s)", serv->endpoint->ldapsearchattribute, client->startup.user.value); @@ -148,6 +144,11 @@ static inline od_retcode_t od_ldap_server_prepare(od_logger_t *logger, client->startup.user.value); } + if (serv->endpoint->ldapsearchfilter) { + od_asprintf(&filter, "(&%s%s)", filter, + serv->endpoint->ldapsearchfilter); + } + rc = ldap_search_s(serv->conn, serv->endpoint->ldapbasedn, LDAP_SCOPE_SUBTREE, filter, attributes, 0, &search_message);
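Review bot: The new `case OD_LLDAP_SEARCH_FILTER:` stores the `ldapsearchfilter` value verbatim, with no check that it is a complete, parenthesised filter expression. The same commit splices this value into `(&%s%s)` in sources/ldap.c, so a value written without the outer parentheses would presumably surface only as a failed directory search at authentication time, not as a config error at load. I would validate it here: check that the string starts with `(` and ends with `)` and `goto error` otherwise. A comment such as `/* must be a complete RFC 4515 filter, including the outer parentheses */` would also help. The enclosing switch starts outside the hunk.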
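Review bot: `client->startup.user.value` is formatted into the search filter through `(%s=%s)` without any escaping, in the context lines directly under the new `if (serv->endpoint->ldapsearchattribute) {`. Judging by the name, that value is supplied by the connecting client. The filter can now also carry an access restriction, such as the `memberOf` clause in the config example, so filter metacharacters in the user name (`*`, `(`, `)`, `\`, NUL) should be escaped per RFC 4515 before the string is built. No escaping helper is visible in this diff, so this likely needs a small static function next to `od_ldap_server_prepare`, whose body starts and ends outside the hunk.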
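Review bot: `od_asprintf(&filter, "(&%s%s)", filter, serv->endpoint->ldapsearchfilter);` writes its result through `&filter` while also reading the old `filter` as an argument. If `od_asprintf` allocates a fresh buffer the way `asprintf` does (its definition is not in this diff), the first filter string is leaked on every authentication attempt. Its result is also not checked, so a failed allocation would pass an unusable `filter` to `ldap_search_s`. Format into a separate pointer, release the old string, then assign, as sketched below. Use whichever release call and failure check the rest of the function already applies to `filter`, since the function continues outside the hunk.

```c
	if (serv->endpoint->ldapsearchfilter) {
		char *combined = NULL;
		od_asprintf(&combined, "(&%s%s)", filter,
			    serv->endpoint->ldapsearchfilter);
		free(filter); /* or the function's existing release call */
		filter = combined;
	}
	/* … unchanged: ldap_search_s call … */
```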