diff --git a/app/models.py b/app/models.py
index 8ae1596..6153181 100644
--- a/app/models.py
+++ b/app/models.py
@@ -212,6 +212,8 @@ class User(db.Model):
LDAP_BASE_DN = Setting().get('ldap_base_dn')
LDAP_FILTER_BASIC = Setting().get('ldap_filter_basic')
LDAP_FILTER_USERNAME = Setting().get('ldap_filter_username')
+ LDAP_FILTER_GROUP = Setting().get('ldap_filter_group')
+ LDAP_FILTER_GROUPNAME = Setting().get('ldap_filter_groupname')
LDAP_ADMIN_GROUP = Setting().get('ldap_admin_group')
LDAP_OPERATOR_GROUP = Setting().get('ldap_operator_group')
LDAP_USER_GROUP = Setting().get('ldap_user_group')
@@ -252,15 +254,17 @@ class User(db.Model):
if LDAP_GROUP_SECURITY_ENABLED:
try:
if LDAP_TYPE == 'ldap':
- if (self.ldap_search(searchFilter, LDAP_ADMIN_GROUP)):
+ groupSearchFilter = "(&({0}={1}){2})".format(LDAP_FILTER_GROUPNAME, ldap_username, LDAP_FILTER_GROUP)
+ logging.info('groupSearchFilter is {0}'.format(groupSearchFilter))
+ if (self.ldap_search(groupSearchFilter, LDAP_ADMIN_GROUP)):
role_name = 'Administrator'
logging.info(
'User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin'.format(self.username, LDAP_ADMIN_GROUP))
- elif (self.ldap_search(searchFilter, LDAP_OPERATOR_GROUP)):
+ elif (self.ldap_search(groupSearchFilter, LDAP_OPERATOR_GROUP)):
role_name = 'Operator'
logging.info('User {0} is part of the "{1}" group that allows operator access to PowerDNS-Admin'.format(
self.username, LDAP_OPERATOR_GROUP))
- elif (self.ldap_search(searchFilter, LDAP_USER_GROUP)):
+ elif (self.ldap_search(groupSearchFilter, LDAP_USER_GROUP)):
logging.info(
'User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin'.format(self.username, LDAP_USER_GROUP))
else:
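Review bot: `ldap_username` is interpolated into `groupSearchFilter` on the first added line without escaping, so a username containing LDAP filter metacharacters (`*`, `(`, `)`, `\`) changes the meaning of the filter, and this filter is what selects the Administrator, Operator or User role. If this module uses python-ldap, apply `ldap.filter.escape_filter_chars(ldap_username)` before the `.format(...)` call (and to `searchFilter` if it is built the same way outside the hunk); where `ldap_username` is assigned is not visible here. An empty `ldap_filter_groupname` setting, which is its default in the later `Setting` hunk, also produces the malformed filter `(&(=...)...)`, so both new settings should be checked for non-empty values before the filter is built, falling back to the previous `searchFilter` behaviour otherwise. The `logging.info` of the complete filter on the second added line fires on every login and would sit better at `logging.debug`. The enclosing method starts and ends outside the hunk.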
@@ -2015,7 +2019,9 @@ class Setting(db.Model):
'ldap_admin_username': '',
'ldap_admin_password': '',
'ldap_filter_basic': '',
+ 'ldap_filter_group': '',
'ldap_filter_username': '',
+ 'ldap_filter_groupname': '',
'ldap_sg_enabled': False,
'ldap_admin_group': '',
'ldap_operator_group': '',
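Review bot: The two new defaults are inserted on either side of `'ldap_filter_username'` rather than next to each other, so the LDAP filter settings no longer read as one group. Placing `'ldap_filter_group': '',` and `'ldap_filter_groupname': '',` in one adjacent run after `'ldap_filter_username'` would match the order the `User` hunk reads them in. The defaults dict continues outside the hunk.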
diff --git a/app/templates/admin_setting_authentication.html b/app/templates/admin_setting_authentication.html
index 6e634b1..e5dda1b 100644
--- a/app/templates/admin_setting_authentication.html
+++ b/app/templates/admin_setting_authentication.html
@@ -140,6 +140,16 @@
+
+
+
+
+
+
+
+
+
+