feat: add custom ldap search filters (#216)

frontend/src/lib/types/application-configuration.ts

@@ -23,6 +23,8 @@ export type AllAppConfig = AppConfig & {
 	ldapBindDn: string;
 	ldapBindPassword: string;
 	ldapBase: string;
+	ldapUserSearchFilter: string;
+	ldapUserGroupSearchFilter: string;
 	ldapSkipCertVerify: boolean;
 	ldapAttributeUserUniqueIdentifier: string;
 	ldapAttributeUserUsername: string;

frontend/src/routes/settings/admin/application-configuration/forms/app-config-ldap-form.svelte

@@ -28,6 +28,8 @@
 		ldapBindDn: appConfig.ldapBindDn,
 		ldapBindPassword: appConfig.ldapBindPassword,
 		ldapBase: appConfig.ldapBase,
+		ldapUserSearchFilter: appConfig.ldapUserSearchFilter,
+		ldapUserGroupSearchFilter: appConfig.ldapUserGroupSearchFilter,
 		ldapSkipCertVerify: appConfig.ldapSkipCertVerify,
 		ldapAttributeUserUniqueIdentifier: appConfig.ldapAttributeUserUniqueIdentifier,
 		ldapAttributeUserUsername: appConfig.ldapAttributeUserUsername,
@@ -44,6 +46,8 @@
 		ldapBindDn: z.string().min(1),
 		ldapBindPassword: z.string().min(1),
 		ldapBase: z.string().min(1),
+		ldapUserSearchFilter: z.string().min(1),
+		ldapUserGroupSearchFilter: z.string().min(1),
 		ldapSkipCertVerify: z.boolean(),
 		ldapAttributeUserUniqueIdentifier: z.string().min(1),
 		ldapAttributeUserUsername: z.string().min(1),
@@ -102,6 +106,18 @@
 		/>
 		<FormInput label="LDAP Bind Password" type="password" bind:input={$inputs.ldapBindPassword} />
 		<FormInput label="LDAP Base DN" placeholder="dc=example,dc=com" bind:input={$inputs.ldapBase} />
+		<FormInput
+			label="User Search Filter"
+			description="The Search filter to use to search/sync users."
+			placeholder="(objectClass=person)"
+			bind:input={$inputs.ldapUserSearchFilter}
+		/>
+		<FormInput
+			label="Groups Search Filter"
+			description="The Search filter to use to search/sync groups."
+			placeholder="(objectClass=groupOfNames)"
+			bind:input={$inputs.ldapUserGroupSearchFilter}
+		/>
 		<CheckboxWithLabel
 			id="skip-cert-verify"
 			label="Skip Certificate Verification"

frontend/tests/application-configuration.spec.ts

@@ -58,6 +58,8 @@ test('Update LDAP configuration', async ({ page }) => {
 	await page.getByLabel('LDAP Bind DN').fill('cn=admin,dc=example,dc=com');
 	await page.getByLabel('LDAP Bind Password').fill('password');
 	await page.getByLabel('LDAP Base DN').fill('dc=example,dc=com');
+	await page.getByLabel('User Search Filter').fill('(objectClass=person)');
+	await page.getByLabel('Groups Search Filter').fill('(objectClass=groupOfUniqueNames)');
 	await page.getByLabel('User Unique Identifier Attribute').fill('uuid');
 	await page.getByLabel('Username Attribute').fill('uid');
 	await page.getByLabel('User Mail Attribute').fill('mail');
@@ -78,6 +80,8 @@ test('Update LDAP configuration', async ({ page }) => {
 	await expect(page.getByLabel('LDAP Bind DN')).toHaveValue('cn=admin,dc=example,dc=com');
 	await expect(page.getByLabel('LDAP Bind Password')).toHaveValue('password');
 	await expect(page.getByLabel('LDAP Base DN')).toHaveValue('dc=example,dc=com');
+	await page.getByLabel('User Search Filter').fill('(objectClass=person)');
+	await page.getByLabel('Groups Search Filter').fill('(objectClass=groupOfUniqueNames)');
 	await expect(page.getByLabel('User Unique Identifier Attribute')).toHaveValue('uuid');
 	await expect(page.getByLabel('Username Attribute')).toHaveValue('uid');
 	await expect(page.getByLabel('User Mail Attribute')).toHaveValue('mail');