DN wildcard in account type filter

lam/HISTORY

@@ -1,5 +1,7 @@
 March 2013 4.1
   - updated EDU person module (RFE 3599128)
+  - fixed bugs:
+   -> changed user and group size limits (3601649)
 
 
 06.01.2013 4.0.1

lam/docs/manual-sources/howto.xml

@@ -11,16 +11,13 @@
     an LDAP directory. LAM runs on any webserver with PHP5 support and
     connects to your LDAP server unencrypted or via SSL/TLS.</para>
 
-    <para>Currently LAM supports these account types: Samba 3, Unix, Kolab 2,
-    address book entries, NIS mail aliases and MAC addresses. There is a tree
-    viewer included to allow access to the raw LDAP attributes. You can use
-    templates for account creation and use multiple configuration profiles.
-    LAM is translated to Catalan, Chinese (Traditional + Simplified), Czech,
-    Dutch, English, French, German, Hungarian, Italian, Japanese, Polish,
-    Portuguese, Russian and Spanish.</para>
+    <para>LAM supports Samba 3, Unix, Zarafa, Kolab 2, address book entries,
+    NIS mail aliases, MAC addresses and much more. There is a tree viewer
+    included to allow access to the raw LDAP attributes. You can use templates
+    for account creation and use multiple configuration profiles.</para>
 
     <para><ulink
-    url="http://www.ldap-account-manager.org/">http://www.ldap-account-manager.org/</ulink></para>
+    url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
 
     <para>Copyright (C) 2003 - 2013 Roland Gruber
     &lt;post@rolandgruber.de&gt;</para>
@@ -1204,7 +1201,9 @@ Have fun!
               LAM will automatically detect the right LDAP entries for each
               account type. This can be used to further limit the number of
               visible entries (e.g. if you want to manage only some specific
-              groups).</para>
+              groups). You can use "@@LOGIN_DN@@" as wildcard (e.g.
+              "(owner=@@LOGIN_DN@@)"). It will be replaced by the DN of the
+              user who is logged in.</para>
             </listitem>
 
             <listitem>

lam/help/help.inc

@@ -4,7 +4,7 @@ $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
   Copyright (C) 2003 - 2006 Michael Duergner
-                2003 - 2012 Roland Gruber
+                2003 - 2013 Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -151,6 +151,7 @@ $helpArray = array (
 					"Text" => _("Here you can input simple filter expressions (e.g. 'value' or 'v*'). The filter is case-sensitive.")),
 				"260" => array ("Headline" => _("Additional LDAP filter"),
 					"Text" => _('Use this to enter an additional LDAP filter (e.g. "(cn!=admin)") to reduce the number of visible elements for this account type.')
+						. ' ' . _('You can use the wildcard @@LOGIN_DN@@ which will be substituted with the DN of the user who is currently logged in to LAM.')
 						. ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
 				"261" => array ("Headline" => _("Hidden"),
 					"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),

lam/lib/modules.inc

@@ -110,8 +110,16 @@ function get_ldap_filter($scope) {
 		$filters['and'][] = $typeSettings['filter_' . $scope];
 	}
 	// collapse AND filters
-	if (sizeof($filters['and']) < 2) return $filters['and'][0];
-	else return "(&" . implode("", $filters['and']) . ")";
+	$finalFilter = '';
+	if (sizeof($filters['and']) < 2) {
+		$finalFilter = $filters['and'][0];
+	}
+	else {
+		$finalFilter = "(&" . implode("", $filters['and']) . ")";
+	}
+	$loginData = $_SESSION['ldap']->decrypt_login();
+	$finalFilter = str_replace('@@LOGIN_DN@@', $loginData[0], $finalFilter);
+	return $finalFilter;
 }
 
 /**