handle differently ldap attributes that do not support wildcard

Yvand · Feb 8, 2024 · 4a67b76 · 4a67b76
1 parent 954a78e
commit 4a67b76
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 12 deletions.
diff --git a/Yvand.LDAPCPSE/Yvand.LdapClaimsProvider/Configuration/ClaimTypeConfig.cs b/Yvand.LDAPCPSE/Yvand.LdapClaimsProvider/Configuration/ClaimTypeConfig.cs
@@ -388,17 +388,6 @@ internal void Add(ClaimTypeConfig item, bool strictChecks)
                     }
                 }
             }
-
-            // Enforce some settings for specific LDAP attributes
-            if (String.Equals(item.DirectoryObjectAttribute, "objectSid", StringComparison.InvariantCultureIgnoreCase))
-            {
-                item.DirectoryObjectAttributeSupportsWildcard = false; // For objectSid, no wildcard possible
-            }
-            else if (String.Equals(item.DirectoryObjectAttribute, "primaryGroupID", StringComparison.InvariantCultureIgnoreCase))
-            {
-                item.DirectoryObjectAttributeSupportsWildcard = false; // For primaryGroupID, no wildcard possible
-            }
-
             innerCol.Add(item);
         }
 

diff --git a/Yvand.LDAPCPSE/Yvand.LdapClaimsProvider/LdapEntityProvider.cs b/Yvand.LDAPCPSE/Yvand.LdapClaimsProvider/LdapEntityProvider.cs
@@ -448,8 +448,18 @@ protected string BuildFilter(OperationContext currentContext)
 
         protected string AddLdapAttributeToFilter(OperationContext currentContext, string input, ClaimTypeConfig attributeConfig)
         {
-            string inputFormatted;
+            // Prevent use of wildcard for LDAP attributes which do not support it
+            if (String.Equals(attributeConfig.DirectoryObjectAttribute, "objectSid", StringComparison.InvariantCultureIgnoreCase))
+            {
+                attributeConfig.DirectoryObjectAttributeSupportsWildcard = false; // For objectSid, no wildcard possible
+            }
+            else if (String.Equals(attributeConfig.DirectoryObjectAttribute, "primaryGroupID", StringComparison.InvariantCultureIgnoreCase))
+            {
+                attributeConfig.DirectoryObjectAttributeSupportsWildcard = false; // For primaryGroupID, no wildcard possible
+            }
+
             // Test if wildcard(s) should be added to the input
+            string inputFormatted;
             if (currentContext.ExactSearch || !attributeConfig.DirectoryObjectAttributeSupportsWildcard)
             {
                 inputFormatted = input;