Don't apply the group filter when listing LDAP group membership if it is empty (#23745)

When running listLdapGroupMemberships check if the groupFilter is empty before using it to list memberships. Fix #23615 Signed-off-by: Andrew Thornton <art27@cantab.net>
author: zeripath <art27@cantab.net> 2023-03-29 10:54:36 +0100
committer: GitHub <noreply@github.com> 2023-03-29 17:54:36 +0800
commit: ed5e7d03c6c44666c6fe97a15e8ce33d223c4466 (patch)
tree: c0b48fbf7f4028104fe54be5782d867b5d83ff0d /services/auth
parent: f4538791f5fc82b173608fcf9c30e36ec01dc9d3 (diff)
download: gitea-ed5e7d03c6c44666c6fe97a15e8ce33d223c4466.tar.gz
gitea-ed5e7d03c6c44666c6fe97a15e8ce33d223c4466.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go
index 5a2d25b0c4..2a61386ae1 100644
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -208,7 +208,7 @@ func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string, applyGr
 	}
 
 	var searchFilter string
-	if applyGroupFilter {
+	if applyGroupFilter && groupFilter != "" {
 		searchFilter = fmt.Sprintf("(&(%s)(%s=%s))", groupFilter, source.GroupMemberUID, ldap.EscapeFilter(uid))
 	} else {
 		searchFilter = fmt.Sprintf("(%s=%s)", source.GroupMemberUID, ldap.EscapeFilter(uid))
author	zeripath <art27@cantab.net>	2023-03-29 10:54:36 +0100
committer	GitHub <noreply@github.com>	2023-03-29 17:54:36 +0800
commit	ed5e7d03c6c44666c6fe97a15e8ce33d223c4466 (patch)
tree	c0b48fbf7f4028104fe54be5782d867b5d83ff0d /services/auth
parent	f4538791f5fc82b173608fcf9c30e36ec01dc9d3 (diff)
download	gitea-ed5e7d03c6c44666c6fe97a15e8ce33d223c4466.tar.gz gitea-ed5e7d03c6c44666c6fe97a15e8ce33d223c4466.zip