From ae82051b7308556e1def9d35fee5316617adb4e9 Mon Sep 17 00:00:00 2001
From: Joakim Bergros <joakim.bergros@svedala.se>
Date: Tue, 25 Feb 2025 13:55:53 +0100
Subject: [PATCH 1/2] Fixed #16173: `useraccountcontrol` was not included in
 the ldap query attributes.

 `$results` did not include the `useraccountcontrol` and thus rendered the fallback logic void when `active_flag` was blank.

 Added a condition to check if `active_flag` is blank and only then add `useraccountcontrol` to the ldap query since it is then a requirement in accordance with "we respect the userAccountControl attribute" text in the `admin/ldap` route.

[`elseif' will become true when `active_flag` is blank](https://github.com/snipe/snipe-it/blob/b141945add94eb0839436278a5b2dc2e0e116306/app/Console/Commands/LdapSync.php#L364)
---
 app/Console/Commands/LdapSync.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/Console/Commands/LdapSync.php b/app/Console/Commands/LdapSync.php
index c7efa967a..8859935f6 100644
--- a/app/Console/Commands/LdapSync.php
+++ b/app/Console/Commands/LdapSync.php
@@ -125,6 +125,10 @@ class LdapSync extends Command
              */
             $attributes = array_values(array_filter($ldap_map));
 
+            if (is_null($ldap_map['active_flag'])) {
+                $attributes[] = 'useraccountcontrol';
+            }
+
             $results = Ldap::findLdapUsers($search_base, -1, $filter, $attributes);
 
         } catch (\Exception $e) {

From 5c66334017e4baaf9dae9a488610702930ddc2da Mon Sep 17 00:00:00 2001
From: Joakim Bergros <joakim.bergros@svedala.se>
Date: Tue, 25 Feb 2025 14:22:22 +0100
Subject: [PATCH 2/2] Added a check to see if the user has specified that is an
 ActiveDirectory server in the configuration before adding the
 `useraccountcontrol` attribute to the ldap query.

---
 app/Console/Commands/LdapSync.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Console/Commands/LdapSync.php b/app/Console/Commands/LdapSync.php
index 8859935f6..619c6af79 100644
--- a/app/Console/Commands/LdapSync.php
+++ b/app/Console/Commands/LdapSync.php
@@ -125,7 +125,7 @@ class LdapSync extends Command
              */
             $attributes = array_values(array_filter($ldap_map));
 
-            if (is_null($ldap_map['active_flag'])) {
+            if (Setting::getSettings()->is_ad === 1 && is_null($ldap_map['active_flag'])) {
                 $attributes[] = 'useraccountcontrol';
             }