implement LDAP addRealm

CHANGES.md

@@ -3,6 +3,8 @@
 ## 2.2.4 (...)
 - introduce `userIdAttribute` for `FormLdapAuthentication` to "normalize" the
   user ID used inside the VPN service (issue #151)
+- implement `addRealm` option for `FormLdapAuthentication` that adds a provided
+  domain to the user specified "authUser" if no domain is specified yet
 
 ## 2.2.3 (2020-03-23)
 - add German portal translation

CONFIG_CHANGES.md

@@ -19,6 +19,12 @@ will be used as the user ID. For example:
 If not provided, the exact user ID used for binding to the LDAP server will be
 used as the user ID in the VPN service.
 
+You can also specify the `addRealm` option that takes a `string` value that 
+will add a "realm" to the users specified "authUser". For example, if the user 
+provides `foo`, an `addRealm` with value `example.org` would convert the 
+"authUser" to `[email protected]`. If the user specifies `[email protected]` and the
+`addRealm` value is `example.org` nothing will be changed.
+
 ## 2.2.3
 
 We added the translation for German (Germany). You can add it to 

src/FormLdapAuthentication.php

@@ -29,6 +29,7 @@ public function __construct(Config $config, SessionInterface $session, TplInterf
             $config->optionalItem('baseDn'),
             $config->optionalItem('userFilterTemplate'),
             $config->optionalItem('userIdAttribute'),
+            $config->optionalItem('addRealm'),
             $config->optionalItem('permissionAttribute')
         );
 

src/LdapAuth.php

@@ -34,6 +34,9 @@ class LdapAuth implements CredentialValidatorInterface
     /** @var string|null */
     private $userIdAttribute;
 
+    /** @var string|null */
+    private $addRealm;
+
     /** @var string|null */
     private $permissionAttribute;
 
@@ -42,16 +45,18 @@ class LdapAuth implements CredentialValidatorInterface
      * @param string|null $baseDn
      * @param string|null $userFilterTemplate
      * @param string|null $userIdAttribute
+     * @param string|null $addRealm
      * @param string|null $permissionAttribute
      */
-    public function __construct(LoggerInterface $logger, LdapClient $ldapClient, $bindDnTemplate, $baseDn, $userFilterTemplate, $userIdAttribute, $permissionAttribute)
+    public function __construct(LoggerInterface $logger, LdapClient $ldapClient, $bindDnTemplate, $baseDn, $userFilterTemplate, $userIdAttribute, $addRealm, $permissionAttribute)
     {
         $this->logger = $logger;
         $this->ldapClient = $ldapClient;
         $this->bindDnTemplate = $bindDnTemplate;
         $this->baseDn = $baseDn;
         $this->userFilterTemplate = $userFilterTemplate;
         $this->userIdAttribute = $userIdAttribute;
+        $this->addRealm = $addRealm;
         $this->permissionAttribute = $permissionAttribute;
     }
 
@@ -63,6 +68,13 @@ public function __construct(LoggerInterface $logger, LdapClient $ldapClient, $bi
      */
     public function isValid($authUser, $authPass)
     {
+        // add "realm" after user name if none is specified
+        if (null !== $addRealm = $this->addRealm) {
+            if (false === strpos($authUser, '@')) {
+                $authUser .= '@'.$addRealm;
+            }
+        }
+
         $bindDn = str_replace('{{UID}}', LdapClient::escapeDn($authUser), $this->bindDnTemplate);
         try {
             $this->ldapClient->bind($bindDn, $authPass);