From 340e0881d5128382bb19dc7fe958c6ed071926bf Mon Sep 17 00:00:00 2001
From: Dominik Csapak <d.csapak@proxmox.com>
Date: Fri, 13 Mar 2020 13:18:43 +0100
Subject: [PATCH] ldap: add optional classes to query_users

and filter by it

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
 src/PVE/LDAP.pm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/PVE/LDAP.pm b/src/PVE/LDAP.pm
index 3294c51..ff98e36 100644
--- a/src/PVE/LDAP.pm
+++ b/src/PVE/LDAP.pm
@@ -94,7 +94,7 @@ sub auth_user_dn {
 }
 
 sub query_users {
-    my ($ldap, $filter, $attributes, $base_dn) = @_;
+    my ($ldap, $filter, $attributes, $base_dn, $classes) = @_;
 
     # build filter from given filter and attribute list
     my $tmp = "(|";
@@ -103,6 +103,14 @@ sub query_users {
     }
     $tmp .= ")";
 
+    if ($classes) {
+	$tmp = "(&$tmp(|";
+	for my $class (@$classes) {
+	    $tmp .= "(objectclass=$class)";
+	}
+	$tmp .= "))";
+    }
+
     if ($filter) {
 	$filter = "($filter)" if $filter !~ m/^\(.*\)$/;
 	$filter = "(&${filter}${tmp})"
-- 
2.39.2