From 8049ddbd011e1a37f75a3be263edc6d0fa12f3e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20M=C3=A9nab=C3=A9?=
 <francois.menabe@gmail.com>
Date: Mon, 20 Apr 2020 21:25:25 +0200
Subject: [PATCH] Allow to set a filter for LDAP authentication (#1306)

---
 app/controllers/sessions_controller.rb | 1 +
 sample.env                             | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 33cfbf8a..2771cf5a 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -138,6 +138,7 @@ class SessionsController < ApplicationController
                                     'start_tls'
                                 end
     ldap_config[:base] = ENV['LDAP_BASE']
+    ldap_config[:filter] = ENV['LDAP_FILTER']
     ldap_config[:uid] = ENV['LDAP_UID']
 
     if params[:session][:username].blank? || session_params[:password].blank?
diff --git a/sample.env b/sample.env
index 668813c1..15dd119f 100644
--- a/sample.env
+++ b/sample.env
@@ -65,6 +65,7 @@ OAUTH2_REDIRECT=
 #   LDAP_BIND_DN=cn=admin,dc=example,dc=com
 #   LDAP_PASSWORD=password
 #   LDAP_ROLE_FIELD=ou
+#   LDAP_FILTER=(&(attr1=value1)(attr2=value2))
 LDAP_SERVER=
 LDAP_PORT=
 LDAP_METHOD=
@@ -74,6 +75,7 @@ LDAP_BIND_DN=
 LDAP_AUTH=
 LDAP_PASSWORD=
 LDAP_ROLE_FIELD=
+LDAP_FILTER=
 
 # Set this to true if you want GreenLight to support user signup and login without
 # Omniauth. For more information, see: