Added limitation filter

Author: stevebauman

src/Config/auth.php

@@ -21,6 +21,20 @@
 
     'username_attribute' => ['username' => 'samaccountname'],
 
+     /*
+     |--------------------------------------------------------------------------
+     | Limitation Filter
+     |--------------------------------------------------------------------------
+     |
+     | The limitation filter allows you to enter a raw filter to only allow
+     | specific users / groups / ous to authenticate.
+     |
+     | This should be a standard LDAP filter.
+     |
+     */
+
+    'limitation_filter' => '',
+
     /*
     |--------------------------------------------------------------------------
     | Login Fallback

src/Traits/ImportsUsers.php

@@ -207,7 +207,18 @@ protected function handleAttributeRetrieval(User $user, $field)
      */
     protected function newAdldapUserQuery()
     {
-        return Adldap::users()->search()->select($this->getSelectAttributes());
+        /** @var \Adldap\Query\Builder $query */
+        $query = Adldap::users()->search();
+
+        $filter = $this->getLimitationFilter();
+
+        if (!empty($filter)) {
+            // If we're provided a login limitation filter,
+            // we'll add it to the user query.
+            $query->rawFilter($filter);
+        }
+
+        return $query->select($this->getSelectAttributes());
     }
 
     /**
@@ -262,4 +273,14 @@ protected function getSyncAttributes()
     {
         return Config::get('adldap_auth.sync_attributes', ['name' => ActiveDirectory::COMMON_NAME]);
     }
+
+    /**
+     * Returns the configured login limitation filter.
+     *
+     * @return string|null
+     */
+    protected function getLimitationFilter()
+    {
+        return Config::get('adldap_auth.limitation_filter');
+    }
 }