GUACAMOLE-101: Impelement properties for controller user and connection search filters.

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java

@@ -270,7 +270,46 @@ public class ConfigurationService {
         constraints.setDereference(getDereferenceAliases().DEREF_VALUE);
 
         return constraints;
+    }
 
+    /**
+     * Returns the search filter that should be used when querying the
+     * LDAP server for Guacamole users.  If no filter is specified,
+     * a default of objectClass=* is returned.
+     *
+     * @return
+     *     The search filter that should be used when querying the
+     *     LDAP server for users that are valid in Guacamole, or
+     *     objectClass=* if not specified.
+     *
+     * @throws GuacamoleException
+     *     If guacamole.properties cannot be parsed.
+     */
+    public String getUserSearchFilter() throws GuacamoleException {
+        return environment.getProperty(
+            LDAPGuacamoleProperties.LDAP_USER_SEARCH_FILTER,
+            "(objectClass=*)"
+        );
+    }
+
+    /**
+     * Returns the search filter that should be used when querying the 
+     * LDAP server for Guacamole connections.  If no filter is specified,
+     * null is returned.
+     * 
+     * @return
+     *     The search filter that should be used when querying the 
+     *     LDAP server for connections for Guacamole, or 
+     *     null if no filter is specified. 
+     *
+     * @throws GuacamoleException
+     *     If guacamole.properties cannot be parsed.
+     */
+    public String getConnectionSearchFilter() throws GuacamoleException {
+        return environment.getProperty(
+            LDAPGuacamoleProperties.LDAP_CONNECTION_SEARCH_FILTER,
+            "(objectClass=guacConfigGroup)"
+        );
     }
 
 }

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java

@@ -164,4 +164,24 @@ public class LDAPGuacamoleProperties {
 
     };
 
+    /**
+     * A search filter to apply to the user LDAP query.
+     */
+    public static final StringGuacamoleProperty LDAP_USER_SEARCH_FILTER = new StringGuacamoleProperty() {
+
+        @Override
+        public String getName() { return "ldap-user-search-filter"; }
+
+    };
+
+    /**
+     * A search filter to apply to the connection LDAP query.
+     */
+    public static final StringGuacamoleProperty LDAP_CONNECTION_SEARCH_FILTER = new StringGuacamoleProperty() {
+
+        @Override
+        public String getName() { return "ldap-connection-search-filter"; }
+
+    };
+
 }

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java

@@ -227,7 +227,9 @@ public class ConnectionService {
         StringBuilder connectionSearchFilter = new StringBuilder();
 
         // Add the prefix to the search filter, prefix filter searches for guacConfigGroups with the userDN as the member attribute value
-        connectionSearchFilter.append("(&(objectClass=guacConfigGroup)(|(member=");
+        connectionSearchFilter.append("(&");
+        connectionSearchFilter.append(confService.getConnectionSearchFilter());
+        connectionSearchFilter.append("(|(member=");
         connectionSearchFilter.append(escapingService.escapeLDAPSearchFilter(userDN));
         connectionSearchFilter.append(")");
 
@@ -239,7 +241,7 @@ public class ConnectionService {
             LDAPSearchResults userRoleGroupResults = ldapConnection.search(
                 groupBaseDN,
                 LDAPConnection.SCOPE_SUB,
-                "(&(!(objectClass=guacConfigGroup))(member=" + escapingService.escapeLDAPSearchFilter(userDN) + "))",
+                "(&(!" + confService.getConnectionSearchFilter() + ")(member=" + escapingService.escapeLDAPSearchFilter(userDN) + "))",
                 null,
                 false,
                 confService.getLDAPSearchConstraints()

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java

@@ -85,11 +85,18 @@ public class UserService {
 
         try {
 
+            StringBuilder userSearchFilter = new StringBuilder();
+            userSearchFilter.append("(&");
+            userSearchFilter.append(confService.getUserSearchFilter());
+            userSearchFilter.append("(" + escapeService.escapeLDAPSearchFilter(usernameAttribute) + "=*)");
+            userSearchFilter.append(")");
+         
+
             // Find all Guacamole users underneath base DN
             LDAPSearchResults results = ldapConnection.search(
                 confService.getUserBaseDN(),
                 LDAPConnection.SCOPE_SUB,
-                "(&(objectClass=*)(" + escapingService.escapeLDAPSearchFilter(usernameAttribute) + "=*))",
+                userSearchFilter.toString(),
                 null,
                 false,
                 confService.getLDAPSearchConstraints()
@@ -189,7 +196,9 @@ public class UserService {
 
         // Build LDAP query for users having at least one username attribute
         // with the specified username as its value
-        StringBuilder ldapQuery = new StringBuilder("(&(objectClass=*)");
+        StringBuilder ldapQuery = new StringBuilder();
+        ldapQuery.append("(&");
+        ldapQuery.append(confService.getUserSearchFilter());
 
         // Include all attributes within OR clause if there are more than one
         if (usernameAttributes.size() > 1)