Merge pull request #10970 from mmolnar/master

ldap: allow use of DN in group_search_filter_user_attribute and member_of

Merge pull request #10970 from mmolnar/master
ldap: allow use of DN in group_search_filter_user_attribute and member_of
b1cf1acb · Marcus Efraimsson · GitHub · 40d76062 · be2fa544 · b1cf1acb
Commit b1cf1acb authored Jun 19, 2018 by Marcus Efraimsson Committed by GitHub Jun 19, 2018
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

pkg/login/ldap.go
+8 -0

No files found.
--- a/pkg/login/ldap.go
+++ b/pkg/login/ldap.go
@@ -308,6 +308,10 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
 			} else {
 				filter_replace = getLdapAttr(a.server.GroupSearchFilterUserAttribute, searchResult)
 			}
+			if a.server.GroupSearchFilterUserAttribute == "dn" {
+				filter_replace = searchResult.Entries[0].DN
+			}
+
 			filter := strings.Replace(a.server.GroupSearchFilter, "%s", ldap.EscapeFilter(filter_replace), -1)

 			a.log.Info("Searching for user's groups", "filter", filter)
@@ -330,8 +334,12 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {

 			if len(groupSearchResult.Entries) > 0 {
 				for i := range groupSearchResult.Entries {
+					if a.server.Attr.MemberOf == "dn" {
+						memberOf = append(memberOf, groupSearchResult.Entries[i].DN)
+					} else {
 						memberOf = append(memberOf, getLdapAttrN(a.server.Attr.MemberOf, groupSearchResult, i))
 					}
+				}
 				break
 			}
 		}