Merge pull request #11150 from sbskas/master

Make Ldap group composed of DNs work.

Merge pull request #11150 from sbskas/master
Make Ldap group composed of DNs work.
affd3d15 · Dan Cech · GitHub · d14ac54a · 7cc3d0c3 · affd3d15
Commit affd3d15 authored Apr 23, 2018 by Dan Cech Committed by GitHub Apr 23, 2018
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletions

pkg/login/ldap.go
+6 -1

No files found.
--- a/pkg/login/ldap.go
+++ b/pkg/login/ldap.go
@@ -302,9 +302,11 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
 		// If we are using a POSIX LDAP schema it won't support memberOf, so we manually search the groups
 		var groupSearchResult *ldap.SearchResult
 		for _, groupSearchBase := range a.server.GroupSearchBaseDNs {
-			filter_replace := getLdapAttr(a.server.GroupSearchFilterUserAttribute, searchResult)
+			var filter_replace string
 			if a.server.GroupSearchFilterUserAttribute == "" {
 				filter_replace = getLdapAttr(a.server.Attr.Username, searchResult)
+			} else {
+				filter_replace = getLdapAttr(a.server.GroupSearchFilterUserAttribute, searchResult)
 			}
 			filter := strings.Replace(a.server.GroupSearchFilter, "%s", ldap.EscapeFilter(filter_replace), -1)
@@ -346,6 +348,9 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
 }
 func getLdapAttrN(name string, result *ldap.SearchResult, n int) string {
+	if name == "DN" {
+		return result.Entries[0].DN
+	}
 	for _, attr := range result.Entries[n].Attributes {
 		if attr.Name == name {
 			if len(attr.Values) > 0 {