ldap: add optional classes to query_users

and filter by it

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

diff --git a/src/PVE/LDAP.pm b/src/PVE/LDAP.pm
index 3294c51aacfd634e3dba01926db71ebf42c31410..ff98e367e63265bf76c0f302847c3749eea095a6 100644 (file)
--- a/src/PVE/LDAP.pm
+++ b/src/PVE/LDAP.pm
@@ -94,7 +94,7 @@ sub auth_user_dn {
 }
 
 sub query_users {
-    my ($ldap, $filter, $attributes, $base_dn) = @_;
+    my ($ldap, $filter, $attributes, $base_dn, $classes) = @_;
 
     # build filter from given filter and attribute list
     my $tmp = "(|";
@@ -103,6 +103,14 @@ sub query_users {
     }
     $tmp .= ")";
 
+    if ($classes) {
+       $tmp = "(&$tmp(|";
+       for my $class (@$classes) {
+           $tmp .= "(objectclass=$class)";
+       }
+       $tmp .= "))";
+    }
+
     if ($filter) {
        $filter = "($filter)" if $filter !~ m/^\(.*\)$/;
        $filter = "(&${filter}${tmp})"