From b069d66ab45e26409c43904e124d8c646b187cd6 Mon Sep 17 00:00:00 2001
From: Erik Saarts
Date: Fri, 8 May 2026 08:42:31 +0300
Subject: [PATCH 1/2] LDAP: add fallback to mailPrimaryAddress when determining user domain

---
 .../ldapauthenticator/cli/controller/Sync.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/www/go/modules/community/ldapauthenticator/cli/controller/Sync.php b/www/go/modules/community/ldapauthenticator/cli/controller/Sync.php
index c51c60a33..4795e81be 100644
--- a/www/go/modules/community/ldapauthenticator/cli/controller/Sync.php
+++ b/www/go/modules/community/ldapauthenticator/cli/controller/Sync.php
@@ -228,7 +228,18 @@ private function getGOUserName(Record $record, Server $server): bool|string
 }
 }
 
- $mailDomain = isset($record->mail[0]) ? explode('@', $record->mail[0])[1] : null;
+ // Try to determine mail domain from common LDAP attributes.
+ // Some directories (e.g. UCS) use non-standard attributes like "mailPrimaryAddress".
+ $mail = null;
+
+ foreach (['mail', 'mailprimaryaddress'] as $attr) {
+ if (!empty($record->{$attr}[0]) && str_contains($record->{$attr}[0], '@')) {
+ $mail = $record->{$attr}[0];
+ break;
+ }
+ }
+
+ $mailDomain = $mail ? explode('@', $mail, 2)[1] : null;
 
 if (empty($domain) || !in_array($domain, $this->domains)) {
 go()->info("Using domain from mail property for " . $username);
@@ -527,4 +538,4 @@ private function logDeletes(array $deleteIds, int $totalInLDAP, int $maxDeletePe
 throw new Exception("Delete Aborted because script was about to delete more then $maxDeletePercentage% (" . $percentageToDelete . "%, " . ($totalInGO - $totalInLDAP) . " groups)\n");
 }
 }
-}
\ No newline at end of file
+}
From 7d4100159d7897e099a32a94b937970d516bba97 Mon Sep 17 00:00:00 2001
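Review bot: The domain produced by `explode('@', $mail, 2)[1]` in the first hunk is taken from the directory attribute without normalisation: a value such as `user@` yields an empty string, and mixed case or surrounding whitespace is kept as-is. How `$mailDomain` is consumed lies below the hunk, but the visible `in_array($domain, $this->domains)` check suggests domains are compared as plain strings, so a non-normalised value may fail to match a configured domain. Consider `$mailDomain = $mail ? strtolower(trim(substr($mail, strrpos($mail, '@') + 1))) : null;` followed by `if ($mailDomain === '') { $mailDomain = null; }`. The same extraction is kept by the `$mailDomain` assignment in PATCH 2/2; getGOUserName starts and ends outside the hunk.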
From: Erik Saarts
Date: Fri, 8 May 2026 11:24:10 +0300
Subject: [PATCH 2/2] LDAP: use ldapMapping email field for domain detection

---
 .../ldapauthenticator/cli/controller/Sync.php | 25 +++++++++++++------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/www/go/modules/community/ldapauthenticator/cli/controller/Sync.php b/www/go/modules/community/ldapauthenticator/cli/controller/Sync.php
index 4795e81be..ceebd5f19 100644
--- a/www/go/modules/community/ldapauthenticator/cli/controller/Sync.php
+++ b/www/go/modules/community/ldapauthenticator/cli/controller/Sync.php
@@ -228,18 +228,29 @@ private function getGOUserName(Record $record, Server $server): bool|string
 }
 }
 
- // Try to determine mail domain from common LDAP attributes.
- // Some directories (e.g. UCS) use non-standard attributes like "mailPrimaryAddress".
+ // Determine email using LDAP mapping if available
+ $config = go()->getConfig();
+ $mapping = $config['ldapMapping'] ?? null;
+
 $mail = null;
 
- foreach (['mail', 'mailprimaryaddress'] as $attr) {
- if (!empty($record->{$attr}[0]) && str_contains($record->{$attr}[0], '@')) {
- $mail = $record->{$attr}[0];
- break;
+ if (isset($mapping['email'])) {
+ if (is_callable($mapping['email'])) {
+ $mail = $mapping['email']($record);
+ } else {
+ $attr = strtolower($mapping['email']);
+ $mail = $record->{$attr}[0] ?? null;
 }
 }
 
- $mailDomain = $mail ? explode('@', $mail, 2)[1] : null;
+ // Fallback to default LDAP mail attribute
+ if (!$mail) {
+ $mail = $record->mail[0] ?? null;
+ }
+
+ $mailDomain = $mail && str_contains($mail, '@')
+ ? explode('@', $mail, 2)[1]
+ : null;
 
 if (empty($domain) || !in_array($domain, $this->domains)) {
 go()->info("Using domain from mail property for " . $username);
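Review bot: `is_callable($mapping['email'])` is also true for a plain string that names a PHP function, so a mapping of `'email' => 'mail'` (the usual attribute name) would take the callable branch and invoke the built-in `mail()` with the record instead of reading the attribute. Restrict that branch to real callbacks, for example `if (!is_string($mapping['email']) && is_callable($mapping['email'])) {` or `if ($mapping['email'] instanceof \Closure) {`, depending on how ldapMapping callbacks are defined elsewhere. The callback's return value should also be checked with `is_string($mail)` before it reaches `str_contains()`, since nothing visible guarantees it returns a string. getGOUserName starts and ends outside the hunk.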