DOMjudge / domjudge

DOMjudge programming contest jury system
https://www.domjudge.org
GNU General Public License v2.0

Allow more elaborate LDAP queries #128

Closed elieux closed 8 years ago

elieux commented 10 years ago

Would it be possible/desired to allow more complex LDAP queries, possibly in the form of a callback? University's tree is kinda complicated(*) and I need to parse the auth token into several pieces to get the correct query. I know I could define LDAP_DNQUERY as '&' and put the whole query into the auth token, but I want to make it easy for the contest admin.

A somewhat hacky solution is in elieux/domjudge@8e0ffbe66104c9b547e89eb342b6844e1254f338

*) It's also possible I missed something and the query can be done in a simpler way.

eldering commented 10 years ago

I don't have experience using LDAP with DOMjudge in a real environment, but in principle the idea sounds fine to me. I'd rather not put the callback function (or any code) in the config file. Does putting that function in 'lib/www/auth.php' sound ok?

elieux commented 10 years ago

I assumed that when deploying DOMjudge, I'm supposed to change only config files, not the libraries. Am I wrong?

How about defining a constant (e.g. LDAP_QUERY_FUNCTION) that would contain the name of the transform function? By default, it would reference the simple function (defined in lib/www/auth.php), but could be changed to reference a custom function, possibly defined in the config file.

thijskh commented 10 years ago

To understand the problem better: what would your local implementation of the function look like?

elieux commented 10 years ago

Example: User with login bon007 has DN CN=bon007,ou=7,ou=USERS,o=VSB.

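define('LDAP_DNQUERY', 'CN={user},ou={num},ou=USERS,o=VSB');
// Build the user's DN; the last character of the login selects the numbered OU.
function ldap_get_dn_for_user($user) {
  // Keys include the braces so they match the placeholders in LDAP_DNQUERY.
  $replacements = array(
    '{user}' => $user,
    '{num}'  => -1,
  );

  if (mb_strlen($user) > 0)
    $replacements['{num}'] = (int)mb_substr($user, -1, 1);

  // strtr() takes the subject string first, then the replacement map.
  return strtr(LDAP_DNQUERY, $replacements);
}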

That is, just use the programmatic flexibility that the config file provides you; while there is no need to change the core code.
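
A hardened variant of the DN builder discussed above, as an added example that is not part of the thread or of DOMjudge's code: it validates the login against an allow-list and escapes both values for DN context before substituting them into the template. The function name `build_bind_dn`, the constant `LDAP_DN_TEMPLATE`, the login length limit and the sample logins are assumptions; `ldap_escape()` requires PHP's ldap extension.

```php
<?php
// Added example (not DOMjudge code). The template mirrors the one in the thread.
const LDAP_DN_TEMPLATE = 'CN={user},ou={num},ou=USERS,o=VSB';

/**
 * Build the bind DN for a login, or return null when the login does not
 * have the expected shape. Hypothetical helper; the name is an assumption.
 */
function build_bind_dn(string $user): ?string
{
    // Allow-list first: letters and digits only, ending in the digit that
    // selects the numbered OU. This rejects empty input, logins without a
    // trailing digit, and any DN metacharacter (',', '=', '+', '\', ...).
    // The 32-character limit is an assumed site policy.
    if (!preg_match('/\A[A-Za-z0-9]{0,31}[0-9]\z/', $user)) {
        return null;
    }
    $num = substr($user, -1);

    // Escape for DN context anyway, so the function stays safe if the
    // allow-list is later relaxed (for example to permit '.' or '-').
    return strtr(LDAP_DN_TEMPLATE, array(
        '{user}' => ldap_escape($user, '', LDAP_ESCAPE_DN),
        '{num}'  => ldap_escape($num, '', LDAP_ESCAPE_DN),
    ));
}

// Constructed sample logins: one valid, three that must be rejected.
$samples = array('bon007', 'admin', '', 'bon007,ou=1');
foreach ($samples as $login) {
    $dn = build_bind_dn($login);
    printf("%-16s => %s\n", var_export($login, true), $dn ?? '(rejected)');
}
```

Returning null instead of a DN with a placeholder OU such as `ou=-1` lets the caller fail the login before any bind is attempted.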

eldering commented 8 years ago

Closing as wontfix for the master codebase. As an individual workaround one can always add this functionality.