Don't apply the group filter when listing LDAP group membership if it is empty (...

author zeripath <art27@cantab.net>

Wed, 29 Mar 2023 09:54:36 +0000 (10:54 +0100)

committer GitHub <noreply@github.com>

Wed, 29 Mar 2023 09:54:36 +0000 (17:54 +0800)
author zeripath <art27@cantab.net>
Wed, 29 Mar 2023 09:54:36 +0000 (10:54 +0100)
committer GitHub <noreply@github.com>
Wed, 29 Mar 2023 09:54:36 +0000 (17:54 +0800)
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go

index 5a2d25b0c4c1e1d471cb08c8abfea09f03c20198..2a61386ae106113629200db4af49b6ec97da8064 100644 (file)
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -208,7 +208,7 @@ func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string, applyGr
         }
  
         var searchFilter string
-       if applyGroupFilter {
+       if applyGroupFilter && groupFilter != "" {
                 searchFilter = fmt.Sprintf("(&(%s)(%s=%s))", groupFilter, source.GroupMemberUID, ldap.EscapeFilter(uid))
         } else {
                 searchFilter = fmt.Sprintf("(%s=%s)", source.GroupMemberUID, ldap.EscapeFilter(uid))
author	zeripath <art27@cantab.net>
	Wed, 29 Mar 2023 09:54:36 +0000 (10:54 +0100)
committer	GitHub <noreply@github.com>
	Wed, 29 Mar 2023 09:54:36 +0000 (17:54 +0800)