inejge / ldap3

A pure-Rust LDAP library using the Tokio stack
Apache License 2.0

Prevent injection by escaping ldap search filter #106

Closed Zerowalker closed 1 year ago

Zerowalker commented 1 year ago

As far as I can tell there's no way to check if a user is in a group recursively without using the search filter.

For that I use something like this: "(&(|(userPrincipalName=<user>)(sAMAccountName=<user>))(memberOf:1.2.840.113556.1.4.1941:=<gdn>))", where the username is replaced by <user> and the group DN is replaced by <gdn>.

The issue with this is that it's unsafe if the text isn't escaped properly, as it allows for injection. This feels like something that's more appropriate to exist in the library itself (akin to how SQL libraries handle their queries), rather than having it implemented by the user independently.

It might also be, of course, that there already is something that achieves this safely that I have missed, but if not my suggestion stands :)

Thanks!

inejge commented 1 year ago

There is ldap_escape() which is meant for escaping the values interpolated into the filter. Does that work for you?
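
The point of the maintainer's reply, shown as an added example that is not part of this thread and not the ldap3 crate's own code: the values interpolated into the filter from the first comment must be escaped per RFC 4515 (`*`, `(`, `)`, `\` and NUL become `\2a`, `\28`, `\29`, `\5c`, `\00`). The `filter_escape` function below is a hand-rolled stand-in for that escaping so the example compiles without external crates; `naive_filter` is the vulnerable string-formatting version and `recursive_member_filter` the hardened one. The user name and group DN are constructed inputs.

```rust
/// Escape a value for interpolation into an RFC 4515 search filter.
/// Stand-in for the library's escaping function (assumption: hand-rolled
/// here so the example runs without the ldap3 crate). Only the five
/// characters RFC 4515 reserves are escaped; other UTF-8 passes through.
pub fn filter_escape(value: &str) -> String {
    let mut out = String::with_capacity(value.len());
    for c in value.chars() {
        match c {
            '*' => out.push_str("\\2a"),
            '(' => out.push_str("\\28"),
            ')' => out.push_str("\\29"),
            '\\' => out.push_str("\\5c"),
            '\0' => out.push_str("\\00"),
            _ => out.push(c),
        }
    }
    out
}

/// Vulnerable: raw interpolation. A user name such as "*)(objectClass=*"
/// closes the equality assertion early and injects a wildcard clause.
pub fn naive_filter(user: &str, group_dn: &str) -> String {
    format!(
        "(&(|(userPrincipalName={u})(sAMAccountName={u}))\
         (memberOf:1.2.840.113556.1.4.1941:={g}))",
        u = user,
        g = group_dn
    )
}

/// Hardened: every interpolated value is escaped first, so attacker-supplied
/// parentheses and wildcards become literal characters in the assertion value.
/// The group DN is also an assertion value here, so it gets filter escaping too.
pub fn recursive_member_filter(user: &str, group_dn: &str) -> String {
    let u = filter_escape(user);
    let g = filter_escape(group_dn);
    format!(
        "(&(|(userPrincipalName={u})(sAMAccountName={u}))\
         (memberOf:1.2.840.113556.1.4.1941:={g}))",
        u = u,
        g = g
    )
}

fn main() {
    // Constructed inputs: an injection attempt and a sample group DN.
    let user = "*)(objectClass=*";
    let group = "CN=Admins,DC=example,DC=com";
    println!("unsafe: {}", naive_filter(user, group));
    println!("safe:   {}", recursive_member_filter(user, group));
}
```

In the real crate the escaped string is passed as the filter argument of the search call; the only rule is that every value that came from outside goes through the escape function before it touches the filter string.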

inejge commented 1 year ago

Closing for lack of feedback.

Zerowalker commented 1 year ago

Sorry for the late response. Missed that one completely; it seems to be just what I was looking for, thanks :)!