From 4ebc1c7fafe2bb0174b2df9dbbae8239910ec921 Mon Sep 17 00:00:00 2001
From: Orsiris de Jong
Date: Tue, 7 Nov 2017 11:33:25 +0100
Subject: [PATCH] Filter disabled user accounts in ads LDAP
---
 inc/SP/Auth/Ldap/LdapMsAds.class.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/inc/SP/Auth/Ldap/LdapMsAds.class.php b/inc/SP/Auth/Ldap/LdapMsAds.class.php
index 9b2842e4..27587732 100644
--- a/inc/SP/Auth/Ldap/LdapMsAds.class.php
+++ b/inc/SP/Auth/Ldap/LdapMsAds.class.php
@@ -52,7 +52,7 @@ class LdapMsAds extends LdapBase
 $groupDN = ldap_escape($this->searchGroupDN());
- return '(&(|(memberOf=' . $groupDN . ')(groupMembership=' . $groupDN . ')(memberof:1.2.840.113556.1.4.1941:=' . $groupDN . '))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject)))';
+ return '(&(|(memberOf=' . $groupDN . ')(groupMembership=' . $groupDN . ')(memberof:1.2.840.113556.1.4.1941:=' . $groupDN . '))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject)))';
 }
 /**
@@ -102,7 +102,7 @@ class LdapMsAds extends LdapBase
 {
 $userLogin = ldap_escape($this->userLogin);
- return '(&(|(samaccountname=' . $userLogin . ')(cn=' . $userLogin . ')(uid=' . $userLogin . '))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject))(objectCategory=person))';
+ return '(&(|(samaccountname=' . $userLogin . ')(cn=' . $userLogin . ')(uid=' . $userLogin . '))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject))(objectCategory=person))';
 }
 /**
@@ -174,4 +174,4 @@ class LdapMsAds extends LdapBase
 return true;
 }
-}
\ No newline at end of file
+}
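Review bot: The clause `(!(UserAccountControl:1.2.840.113556.1.4.803:=2))` added to the group-membership filter is an unexplained magic string, and the same literal is pasted again into the user-login filter in the second hunk, so the two copies can drift apart. Define it once on the class, for example `const FILTER_ACCOUNT_ENABLED = '(!(UserAccountControl:1.2.840.113556.1.4.803:=2))';`, and concatenate that constant into both filters. Above the constant I would add the comment `// 1.2.840.113556.1.4.803 = LDAP_MATCHING_RULE_BIT_AND; 2 = ACCOUNTDISABLE bit of userAccountControl`. The enclosing method starts above this hunk, so its name and docblock are not visible here.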
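Review bot: The new clause in the user-login filter tests only the ACCOUNTDISABLE bit, so accounts that are locked out or past their `accountExpires` date still match this search. Whether those states are rejected later by the user's bind is not visible in this hunk, so the limit of the filter should be stated where it is built. I would add above the `return`: `// Excludes disabled accounts only; expired or locked-out accounts still match and must be rejected by the bind.` The method's signature and docblock lie outside the hunk.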