From 43bca4df40b933332ffe99468240c6a3413bf853 Mon Sep 17 00:00:00 2001
From: aboron
Date: Tue, 23 Oct 2018 04:16:39 -0400
Subject: [PATCH] ldap: fix group membership search handling when the group members are listed by 'dn' (#4684) (#4688)

Also, fixed typo in group member list return size check.
---
 pkg/auth/ldap/ldap.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/pkg/auth/ldap/ldap.go b/pkg/auth/ldap/ldap.go
index 5c9342e91..0d34acb74 100644
--- a/pkg/auth/ldap/ldap.go
+++ b/pkg/auth/ldap/ldap.go
@@ -268,16 +268,26 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 if err != nil {
 log.Error(2, "LDAP: Group search failed: %v", err)
 return "", "", "", "", false, false
- } else if len(sr.Entries) < 1 {
+ } else if len(srg.Entries) < 1 {
 log.Error(2, "LDAP: Group search failed: 0 entries")
 return "", "", "", "", false, false
 }
 
 isMember := false
- for _, group := range srg.Entries {
- for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
- if member == uid {
- isMember = true
+ if ls.UserUID == "dn" {
+ for _, group := range srg.Entries {
+ for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
+ if member == sr.Entries[0].DN {
+ isMember = true
+ }
+ }
+ }
+ } else {
+ for _, group := range srg.Entries {
+ for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
+ if member == uid {
+ isMember = true
+ }
 }
 }
 }
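Review bot: The new `member == sr.Entries[0].DN` test in the `ls.UserUID == "dn"` branch gates login on byte-for-byte string equality, yet a group's member attribute can spell the same DN with different case or spacing than the entry the server returns. A mismatch fails closed, so it shows up as legitimate members being refused rather than as a bypass; comparing parsed DNs (if the LDAP library imported here offers a DN parser) would be more robust, and the expectation deserves a comment such as `// member values must match the user's DN exactly as returned by the server`. The two loops differ only in the value compared, so they could collapse into one by choosing it first: `want := uid` followed by `if ls.UserUID == "dn" { want = sr.Entries[0].DN }`. SearchEntry starts and ends outside this hunk, so whether `sr.Entries` is guaranteed non-empty at this point cannot be confirmed from here.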