
modify role handling for AD

Shinsuke Sugaya 9 years ago
parent
commit
6bf62cc487

+ 2 - 0
src/main/java/org/codelibs/fess/Constants.java

@@ -368,4 +368,6 @@ public class Constants extends CoreLibConstants {
     public static final String LDAP_SECURITY_AUTHENTICATION = "ldap.security.authentication";
 
     public static final String LDAP_INITIAL_CONTEXT_FACTORY = "ldap.initial.context.factory";
+
+    public static final String LDAP_ACCOUNT_FILTER = "ldap.account.filter";
 }

+ 2 - 0
src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java

@@ -163,6 +163,7 @@ public class AdminGeneralAction extends FessAdminAction {
         updateProperty(Constants.LDAP_PROVIDER_URL, form.ldapProviderUrl);
         updateProperty(Constants.LDAP_SECURITY_PRINCIPAL, form.ldapSecurityPrincipal);
         updateProperty(Constants.LDAP_BASE_DN, form.ldapBaseDn);
+        updateProperty(Constants.LDAP_ACCOUNT_FILTER, form.ldapAccountFilter);
 
         crawlerProperties.store();
         saveInfo(messages -> messages.addSuccessUpdateCrawlerParams(GLOBAL));
@@ -201,6 +202,7 @@ public class AdminGeneralAction extends FessAdminAction {
         form.ldapProviderUrl = crawlerProperties.getProperty(Constants.LDAP_PROVIDER_URL, StringUtil.EMPTY);
         form.ldapSecurityPrincipal = crawlerProperties.getProperty(Constants.LDAP_SECURITY_PRINCIPAL, StringUtil.EMPTY);
         form.ldapBaseDn = crawlerProperties.getProperty(Constants.LDAP_BASE_DN, StringUtil.EMPTY);
+        form.ldapAccountFilter = crawlerProperties.getProperty(Constants.LDAP_ACCOUNT_FILTER, StringUtil.EMPTY);
     }
 
     private void updateProperty(final String key, final String value) {

+ 3 - 0
src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java

@@ -124,4 +124,7 @@ public class EditForm implements Serializable {
 
     @Size(max = 1000)
     public String ldapBaseDn;
+
+    @Size(max = 1000)
+    public String ldapAccountFilter;
 }
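Review bot: `ldapAccountFilter` is only length-checked, yet the same commit hands it to `String.format` in LdapManager.getRoles as the pattern, so a value with no `%s`, two `%s`, or a stray `%` is accepted here and only fails later, at role lookup time, with an `IllegalFormatException` for every user. If this form uses javax.validation like `@Size` does, a `@Pattern` constraint would reject such values at save time; for example `@Pattern(regexp = "^(?:[^%]|%%)*%s(?:[^%]|%%)*$")` requires exactly one `%s` and forces any literal percent to be written `%%`. Whether the UI surfaces constraint messages for this field is not visible here, so confirm `la:errors` picks it up.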

+ 7 - 6
src/main/java/org/codelibs/fess/ldap/LdapManager.java

@@ -80,15 +80,16 @@ public class LdapManager {
         return new LdapUser(env, username);
     }
 
-    public String[] getRoles(final LdapUser ldapUser, String bindDn) {
-        final List<String> rolelist = new ArrayList<String>();
+    public String[] getRoles(final LdapUser ldapUser, String bindDn, String accountFilter) {
+        final List<String> roleList = new ArrayList<String>();
 
         DirContext ctx = null;
         try {
             ctx = new InitialDirContext(ldapUser.getEnvironment());
 
-            //set search conditions
-            final String filter = "cn=" + ldapUser.getName();
+            // LDAP: cn=%s
+            // AD: (&(objectClass=user)(sAMAccountName=%s))
+            final String filter = String.format(accountFilter, ldapUser.getName());
             final SearchControls controls = new SearchControls();
             controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 
@@ -119,7 +120,7 @@ public class LdapManager {
 
                         strTmp = strTmp.substring(strStart, strEnd);
 
-                        rolelist.add(strTmp);
+                        roleList.add(strTmp);
                     }
                 }
             }
@@ -136,6 +137,6 @@ public class LdapManager {
             }
         }
 
-        return rolelist.toArray(new String[rolelist.size()]);
+        return roleList.toArray(new String[roleList.size()]);
     }
 }
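Review bot: The search filter on the `String.format(accountFilter, ldapUser.getName())` line still splices the user name into the LDAP filter without escaping, so a name containing `*`, `(`, `)`, `\` or NUL changes the filter's structure (with the AD example, `x)(objectClass=*` widens the match and the role list is then read from whatever entry comes back first). The old `"cn=" + name` had the same flaw, but this commit generalises the filter without fixing it; assertion values should be escaped per RFC 4515 before substitution, as sketched below. The admin-supplied pattern is also evaluated by `String.format`, so a filter with a malformed `%` directive throws for every login; validating the pattern at configuration time (or catching `IllegalFormatException` here and logging the misconfiguration) would keep that from surfacing as an authentication failure. Note that `ldapUser.getName()` is the value the user typed at login (see the `new LdapUser(env, username)` line); even if the bind succeeded with it, AD accepts spellings that the filter then treats differently, so do not rely on the bind as sanitisation.

```java
// LDAP: cn=%s
// AD: (&(objectClass=user)(sAMAccountName=%s))
final String filter = String.format(accountFilter, escapeFilterValue(ldapUser.getName()));
// … unchanged: search controls, search loop, roleList return …

/** Escapes an assertion value per RFC 4515 so it cannot alter the filter structure. */
private static String escapeFilterValue(final String value) {
    final StringBuilder sb = new StringBuilder(value.length());
    for (final char c : value.toCharArray()) {
        switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
        }
    }
    return sb.toString();
}
```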

+ 3 - 3
src/main/java/org/codelibs/fess/ldap/LdapUser.java

@@ -19,7 +19,6 @@ import java.util.Hashtable;
 
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
-import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.util.ComponentUtil;
 
 public class LdapUser implements FessUser {
@@ -46,8 +45,9 @@ public class LdapUser implements FessUser {
     public String[] getRoleNames() {
         if (roles == null) {
             final String baseDn = ComponentUtil.getFessConfig().getLdapBaseDn();
-            if (StringUtil.isNotBlank(baseDn)) {
-                roles = ComponentUtil.getLdapManager().getRoles(this, baseDn);
+            final String accountFilter = ComponentUtil.getFessConfig().getLdapAccountFilter();
+            if (StringUtil.isNotBlank(baseDn) && StringUtil.isNotBlank(accountFilter)) {
+                roles = ComponentUtil.getLdapManager().getRoles(this, baseDn, accountFilter);
             }
         }
         return roles;
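Review bot: The widened guard `StringUtil.isNotBlank(baseDn) && StringUtil.isNotBlank(accountFilter)` silently turns off role resolution for any existing deployment that configured a Base DN before this release, because the new property has no default and `roles` is then never assigned. That is fail-closed, which is the safe direction, but it is an unannounced authorization change and a user who previously had LDAP-derived roles will lose them without any log line. Falling back to the previous hard-coded filter when the new setting is blank, `final String accountFilter = StringUtil.isNotBlank(configured) ? configured : "cn=%s";`, would preserve behaviour across the upgrade; alternatively log at warn level when Base DN is set but the filter is not. `getRoleNames` also returns `null` rather than an empty array in that case, and each call re-reads the config; whether callers null-check is not visible here, and the `roles` field is declared outside this hunk.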

+ 4 - 0
src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java

@@ -47,4 +47,8 @@ public interface FessProp {
     public default String getLdapBaseDn() {
         return getProperty(Constants.LDAP_BASE_DN);
     }
+
+    public default String getLdapAccountFilter() {
+        return getProperty(Constants.LDAP_ACCOUNT_FILTER);
+    }
 }

+ 2 - 0
src/main/resources/fess_label.properties

@@ -136,6 +136,7 @@ labels.ex_q=Extended Query
 labels.ldapProviderUrl=LDAP URL
 labels.ldapSecurityPrincipal=Bind DN
 labels.ldapBaseDn=Base DN
+labels.ldapAccountFilter=Account Filter
 
 labels.menu_system=System
 labels.menu_wizard=Wizard
@@ -661,4 +662,5 @@ labels.general_menu_ldap=LDAP
 labels.ldap_provider_url=LDAP URL
 labels.ldap_security_principal=Bind DN
 labels.ldap_base_dn=Base DN
+labels.ldap_account_filter=Account Filter
 labels.send_testmail=Send TestMail

+ 10 - 0
src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp

@@ -320,6 +320,16 @@
 												styleClass="form-control" />
 										</div>
 									</div>
+									<div class="form-group">
+										<label for="ldapAccountFilter"
+											class="col-sm-3 control-label"><la:message
+												key="labels.ldap_account_filter" /></label>
+										<div class="col-sm-9">
+											<la:errors property="ldapAccountFilter" />
+											<la:text property="ldapAccountFilter"
+												styleClass="form-control" />
+										</div>
+									</div>
 								</div>
 								<!-- /.box-body -->
 								<div class="box-footer">