Merge pull request #5423 from jrjohnson/configurable-ldap-names

Make name LDAP properties configurable
ilios · Apr 26, 2024 · 7b8f16f · 7b8f16f
2 parents aa978b7 + 54c3e42
commit 7b8f16f
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 12 deletions.
diff --git a/docs/authentication_and_users.md b/docs/authentication_and_users.md
@@ -43,11 +43,13 @@ sudo -u apache bin/console --env=prod ilios:maintenance:set-config-value ldap_di
 sudo -u apache bin/console --env=prod ilios:maintenance:set-config-value ldap_directory_username_property <your campus value>
 ```
 
-| Property Name| Description| Example Value|
-|---|---|---|
-|  ldap_directory_url  |  URL to connect to your LDAP server including protocol  |  ldaps://directory.campus.edu  |
-|  ldap_directory_user  |  The user we will use to authenticate  |  uid=Ilios,ou=applications,dc=campus,dc=edu  |
-|  ldap_directory_password  |  The bind password for your user  |  123GoLdap!  |
-|  ldap_directory_search_base  |  What scope in the directory we should user for users  |  ou=people,dc=campus,dc=edu  |
-|  ldap_directory_campus_id_property  |  In the returned data for a user what property is unique and can be used to populate the campusId field in Ilios  |  eduIDNumber  |
-|  ldap_directory_username_property  |  In the returned data for a user what property contains the username that links to the **cas**, **ldap**, or **shibboleth** authentication service  |  eduPersonPrincipalName  |
+| Property Name                      | Description                                                                                                                                       | Example Value                              |
+|------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
+| ldap_directory_url                 | URL to connect to your LDAP server including protocol                                                                                             | ldaps://directory.campus.edu               |
+| ldap_directory_user                | The user we will use to authenticate                                                                                                              | uid=Ilios,ou=applications,dc=campus,dc=edu |
+| ldap_directory_password            | The bind password for your user                                                                                                                   | 123GoLdap!                                 |
+| ldap_directory_search_base         | What scope in the directory we should user for users                                                                                              | ou=people,dc=campus,dc=edu                 |
+| ldap_directory_campus_id_property  | In the returned data for a user what property is unique and can be used to populate the campusId field in Ilios                                   | eduIDNumber                                |
+| ldap_directory_username_property   | In the returned data for a user what property contains the username that links to the **cas**, **ldap**, or **shibboleth** authentication service | eduPersonPrincipalName                     |
+| ldap_directory_first_name_property | In the returned data for a user what property contains the first name. If this isn't provided it will default to **givenName**                    | givenName                                  |
+| ldap_directory_last_name_property  | In the returned data for a user what property contains the last name. If this isn't provided it will default to **sn**                            | sn                                         |
diff --git a/src/Service/LdapManager.php b/src/Service/LdapManager.php
@@ -7,9 +7,15 @@
 use Exception;
 use Symfony\Component\Ldap\Ldap;
 
+/**
+ * Manages the LDAP connection. Because the Symfony ldap class is marked as final,
+ * we need to wrap it here so that we can mock it in tests. This class is the lowest
+ * level in the test tree, it can't be tested itself because of the issue with mocking
+ * the final class.
+ */
 class LdapManager
 {
-    protected ?Ldap $ldap = null;
+    protected Ldap $ldap;
 
     /**
      * Constructor
@@ -28,6 +34,8 @@ public function search(string $filter): array
         $ldapUsernameProperty = $this->config->get('ldap_directory_username_property');
         $ldapDisplayNameProperty = $this->config->get('ldap_directory_display_name_property');
         $ldapPronounsProperty = $this->config->get('ldap_directory_pronouns_property');
+        $ldapFirstNameProperty = $this->config->get('ldap_directory_first_name_property') ?? 'givenName';
+        $ldapLastNameProperty = $this->config->get('ldap_directory_last_name_property') ?? 'sn';
 
         $rhett = [];
         try {
@@ -36,8 +44,8 @@ public function search(string $filter): array
             $results = $query->execute();
             $attributes = [
                 'mail' => 'email',
-                'sn' => 'lastName',
-                'givenName' => 'firstName',
+                $ldapLastNameProperty => 'lastName',
+                $ldapFirstNameProperty => 'firstName',
                 'telephoneNumber' => 'telephoneNumber',
                 $ldapCampusIdProperty => 'campusId',
                 $ldapUsernameProperty => 'username',
@@ -73,7 +81,7 @@ public function search(string $filter): array
 
     protected function getConnection(): Ldap
     {
-        if (! $this->ldap) {
+        if (!isset($this->ldap)) {
             $ldapUrl = $this->config->get('ldap_directory_url');
             $ldapBindUser = $this->config->get('ldap_directory_user');
             $ldapBindPassword = $this->config->get('ldap_directory_password');