From 1b49689d67b4cd65f5d00b165c3a1ae4bcb390ea Mon Sep 17 00:00:00 2001
From: Bob Clough
Date: Tue, 5 Dec 2023 18:33:26 +0000
Subject: [PATCH] LDAP3: Allow the user to set the search filter.

This should allow us to only sync a subset of users.

Closes: #98
---
 lifecycle/source_ldap3.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lifecycle/source_ldap3.py b/lifecycle/source_ldap3.py
index 4c249c4..9a6e60c 100644
--- a/lifecycle/source_ldap3.py
+++ b/lifecycle/source_ldap3.py
@@ -22,10 +22,14 @@ class SourceLDAP3(SourceBase):
 "bind_password",
 "anonymous_bind",
 "use_ssl",
+ "search_filter",
+ "group_search_filter",
 }
 default_config = {
 "anonymous_bind": False,
 "use_ssl": True,
+ "search_filter": "(objectclass=organizationalPerson)",
+ "group_search_filter": "(objectClass=groupOfNames)",
 }
 
 def configure(self, config: Dict):
@@ -66,7 +70,7 @@ def fetch_users(self, refresh: bool = False) -> Dict[str, User]:
 
 connection.search(
 search_base=self.config["base_dn"],
- search_filter="(objectclass=organizationalPerson)",
+ search_filter=self.config["search_filter"],
 search_scope=ldap3.SUBTREE,
 attributes=[
 "description",
@@ -113,7 +117,7 @@ def fetch_groups(self):
 
 connection.search(
 search_base=self.config["base_dn"],
- search_filter="(objectClass=groupOfNames)",
+ search_filter=self.config["group_search_filter"],
 search_scope=ldap3.SUBTREE,
 attributes=["description", "mail", "member", "cn"],
 )
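Review bot: The two new entries in `default_config` carry no comment saying that a configured value replaces the default filter outright instead of narrowing it. An operator who sets `search_filter` to a membership or attribute clause alone drops the `(objectclass=organizationalPerson)` restriction, so non-person entries under `base_dn` (service or machine accounts, for example) could come back from the user search; what happens to them downstream is not visible in this diff. I would add above the two defaults: `# Replaces the default outright; keep an objectClass clause in any custom filter so only person/group entries are synced.` The class body starts and continues outside the hunk.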
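Review bot: `self.config["search_filter"]` reaches `connection.search()` with no check on the value, and the same holds for `group_search_filter` in the `fetch_groups` hunk. An empty or malformed string in the config would surface only as an ldap3 error during a sync run, rather than when the config is loaded. Assuming `configure()` (its body is outside this diff) is where config is checked, I would reject non-string or blank values for both keys there and name the offending key in the error. A comment at the call site would also help: `# Filter comes from trusted operator config; never build it from user-supplied input without escaping.` `fetch_users` continues outside the hunk.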