1

Using adldap-laravel and Laravel 5.8.

I'm getting permissions based on LDAP groups. I can check if a user is part of a group using: $user->ldap->inGroup('Accounts'); (that returns a bool)

However that method also accepts an array, but seems to be an "AND" search, rather than "ANY".

So I've written this: 

/**
     * LDAP helper, to see if the user is in an AD group.
     * Iterate through and break when a match is found.
     *
     * @param mixed $input
     * @return bool
     */
    public function isInGroup($input)
    {
        if (is_string($input)) {
            $input[] = $input;
        }

        foreach ($input as $group)
            if ($this->ldap->inGroup($group)) {
                return true;
            }
        return false;
    }

Implemented like this: $user->isInGroup(['Accounts', 'Sales', 'Marketing']);

However it takes a long time to check.

Does anyone know of an improved way to solve my problem?

Fred
  • 69
  • 9

1 Answers1

1

Yes can do it via query builder of Adldap.

     /**
     * LDAP helper, to see if the user is in an AD group.
     * Iterate through and break when a match is found.
     *
     * @param mixed $input
     * @return bool
     */
    public function isInGroup($input){

        if (is_string($input)) {
            $input[] = $input;
        }

        $counter = 0;
        $groupQuery = $this->ldap->search()->groups();
        foreach ($input as $group) {
            if ($counter == 0) {
                $groupQuery->where('samaccountname', '=', $group);
            } else {
                $groupQuery->orWhere('samaccountname', '=', $group);
            }
$counter++;
        }

        return $groupQuery->get()->count();
     }

This samaccountname may be different field name for your LDAP provider. I couldn't tested it if has any syntax or method name error anyway you will find this same methods from your Adldap Provider class. The algorithm/process is same.

Mesuti
  • 878
  • 1
  • 13
  • 29