Filter disabled user accounts in ads LDAP

2026-03-06 08:34:16 +01:00 · 2017-11-07 11:33:25 +01:00
parent d52f3d680f
commit 4ebc1c7faf
1 changed files with 3 additions and 3 deletions
--- a/inc/SP/Auth/Ldap/LdapMsAds.class.php
+++ b/inc/SP/Auth/Ldap/LdapMsAds.class.php
@@ -52,7 +52,7 @@ class LdapMsAds extends LdapBase

        $groupDN = ldap_escape($this->searchGroupDN());

-        return '(&(|(memberOf=' . $groupDN . ')(groupMembership=' . $groupDN . ')(memberof:1.2.840.113556.1.4.1941:=' . $groupDN . '))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject)))';
+        return '(&(|(memberOf=' . $groupDN . ')(groupMembership=' . $groupDN . ')(memberof:1.2.840.113556.1.4.1941:=' . $groupDN . '))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject)))';
    }

    /**
@@ -102,7 +102,7 @@ class LdapMsAds extends LdapBase
    {
        $userLogin = ldap_escape($this->userLogin);

-        return '(&(|(samaccountname=' . $userLogin . ')(cn=' . $userLogin . ')(uid=' . $userLogin . '))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject))(objectCategory=person))';
+        return '(&(|(samaccountname=' . $userLogin . ')(cn=' . $userLogin . ')(uid=' . $userLogin . '))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject))(objectCategory=person))';
    }

    /**
@@ -174,4 +174,4 @@ class LdapMsAds extends LdapBase

        return true;
    }
-}
+}