|
|
|
@ -268,12 +268,21 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
|
|
|
|
|
if err != nil { |
|
|
|
|
log.Error(2, "LDAP: Group search failed: %v", err) |
|
|
|
|
return "", "", "", "", false, false |
|
|
|
|
} else if len(sr.Entries) < 1 { |
|
|
|
|
} else if len(srg.Entries) < 1 { |
|
|
|
|
log.Error(2, "LDAP: Group search failed: 0 entries") |
|
|
|
|
return "", "", "", "", false, false |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
isMember := false |
|
|
|
|
if ls.UserUID == "dn" { |
|
|
|
|
for _, group := range srg.Entries { |
|
|
|
|
for _, member := range group.GetAttributeValues(ls.GroupMemberUID) { |
|
|
|
|
if member == sr.Entries[0].DN { |
|
|
|
|
isMember = true |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
for _, group := range srg.Entries { |
|
|
|
|
for _, member := range group.GetAttributeValues(ls.GroupMemberUID) { |
|
|
|
|
if member == uid { |
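Review bot: The new `ls.UserUID == "dn"` branch decides group membership with an exact string match, `member == sr.Entries[0].DN`, but LDAP distinguished names are normally compared case-insensitively and a directory may store the member value with different case or spacing than the DN returned for the user entry. The check fails closed, so the likely symptom is a legitimate group member being refused login rather than a bypass, but it is still worth normalising both sides: at minimum `if strings.EqualFold(member, sr.Entries[0].DN) {`, or a DN-aware comparison if the LDAP package in use provides one. The literal `"dn"` is also matched case-sensitively, so a source configured with `DN` would silently fall through to the `uid` comparison; a short comment above the branch stating the accepted value would help. Indexing `sr.Entries[0]` relies on a length check on `sr` that is not visible here, since the check in this hunk now tests `srg`, and the function body starts and ends outside the hunk.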
|
|
|
@ -281,6 +290,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if !isMember { |
|
|
|
|
log.Trace("LDAP: Group membership test failed [username: %s, group_member_uid: %s, user_uid: %s", username, ls.GroupMemberUID, uid) |
|
|
|
|