configure heartbeat search query and constraint the search under base dn

auth0 · Nov 30, 2020 · ae3978b · ae3978b
1 parent ce7fd68
commit ae3978b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/lib/initConf.js b/lib/initConf.js
@@ -10,6 +10,7 @@ var defaults = {
   LDAP_SEARCH_GROUPS:                   '(member:1.2.840.113556.1.4.1941:={0})',
   LDAP_USER_BY_NAME:                    '(sAMAccountName={0})',
   LDAP_NUMBER_OF_PARALLEL_BINDS:        1,
+  LDAP_HEARTBEAT_SEARCH_QUERY:          '(&(objectclass=user)(|(sAMAccountName=foo)(UserPrincipalName=foo)))',
   WSFED_ISSUER:                         'urn:auth0',
   AGENT_MODE:                           true,
   GROUPS:                               true,
@@ -18,7 +19,7 @@ var defaults = {
   GROUP_PROPERTY:                       'cn',
   GROUP_PROPERTIES:                     [],
   GROUPS_CACHE_SECONDS:                 600,
-  GROUPS_DEREF_ALIASES:			0,  
+  GROUPS_DEREF_ALIASES:			0,
   ALLOW_PASSWORD_EXPIRED:               false,
   ALLOW_PASSWORD_CHANGE_REQUIRED:       false,
   OVERRIDE_CONFIG:                      true,

diff --git a/lib/ldap.js b/lib/ldap.js
@@ -28,7 +28,12 @@ function initializeConnection () {
   });
 
   connection.heartbeat = function (callback) {
-    connection.search('', '(&(objectclass=user)(|(sAMAccountName=foo)(UserPrincipalName=foo)))', function (err, res) {
+    var opts = {
+      scope: 'sub',
+      filter: nconf.get('LDAP_HEARTBEAT_SEARCH_QUERY'),
+      sizeLimit: 1
+    };
+    connection.search(nconf.get('LDAP_BASE'), opts, function (err, res) {
       if (err) {
         return callback(err);
       }