Also exclude accounts that don't need passwords

Change bitwise filter logic from AND (803) to OR (804) and also filter account bit 32
2026-03-09 09:56:56 +01:00 · 2017-11-07 11:46:11 +01:00
parent 4ebc1c7faf
commit 532e679e55
1 changed files with 2 additions and 2 deletions
--- a/inc/SP/Auth/Ldap/LdapMsAds.class.php
+++ b/inc/SP/Auth/Ldap/LdapMsAds.class.php
@@ -52,7 +52,7 @@ class LdapMsAds extends LdapBase

        $groupDN = ldap_escape($this->searchGroupDN());

-        return '(&(|(memberOf=' . $groupDN . ')(groupMembership=' . $groupDN . ')(memberof:1.2.840.113556.1.4.1941:=' . $groupDN . '))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject)))';
+        return '(&(|(memberOf=' . $groupDN . ')(groupMembership=' . $groupDN . ')(memberof:1.2.840.113556.1.4.1941:=' . $groupDN . '))(!(UserAccountControl:1.2.840.113556.1.4.804:=34))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject)))';
    }

    /**
@@ -102,7 +102,7 @@ class LdapMsAds extends LdapBase
    {
        $userLogin = ldap_escape($this->userLogin);

-        return '(&(|(samaccountname=' . $userLogin . ')(cn=' . $userLogin . ')(uid=' . $userLogin . '))(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject))(objectCategory=person))';
+        return '(&(|(samaccountname=' . $userLogin . ')(cn=' . $userLogin . ')(uid=' . $userLogin . '))(!(UserAccountControl:1.2.840.113556.1.4.804:=34))(|(objectClass=inetOrgPerson)(objectClass=person)(objectClass=simpleSecurityObject))(objectCategory=person))';
    }

    /**