
ldap: fix group membership search handling when the group members are listed by 'dn' (#4684) (#4688)

Also, fixed typo in group member list return size check.
master
aboron 6 years ago committed by 无闻
parent
commit
43bca4df40
  1. 20
      pkg/auth/ldap/ldap.go

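--- a/pkg/auth/ldap/ldap.go
+++ b/pkg/auth/ldap/ldap.go
@@ -268,16 +268,26 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 if err != nil {
 log.Error(2, "LDAP: Group search failed: %v", err)
 return "", "", "", "", false, false
-} else if len(sr.Entries) < 1 {
+} else if len(srg.Entries) < 1 {
 log.Error(2, "LDAP: Group search failed: 0 entries")
 return "", "", "", "", false, false
 }
 isMember := false
-for _, group := range srg.Entries {
-for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
-if member == uid {
-isMember = true
+if ls.UserUID == "dn" {
+for _, group := range srg.Entries {
+for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
+if member == sr.Entries[0].DN {
+isMember = true
+}
+}
+}
+} else {
+for _, group := range srg.Entries {
+for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
+if member == uid {
+isMember = true
+}
 }
 }
 }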
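Review bot: The new `dn` branch compares each member value with `sr.Entries[0].DN` by exact string equality, but directories match distinguished names case-insensitively, so a group that stores the member DN with different casing or spacing than the user entry returns would fail this check and the login would be refused. Because this loop decides whether the user passes the group filter, a normalised comparison is safer, at minimum `if strings.EqualFold(member, sr.Entries[0].DN) {` (assuming `strings` is imported in this file, which the hunk does not show). The index into `sr.Entries` relies on a length check made earlier in SearchEntry, outside this hunk, and that is worth confirming now that the check here was switched to `srg`. The two branches differ only in the value compared, so choosing that value once before a single loop would remove the duplication.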
