LdapAdapter: Fix nested claims retrieval -- use CN instead of DN

RoadTrain · RoadTrain · commit c6c45166bfff · 2021-08-09T23:41:42.000+03:00
diff --git a/src/Security/Authentication/Negotiate/src/Internal/LdapAdapter.cs b/src/Security/Authentication/Negotiate/src/Internal/LdapAdapter.cs
@@ -110,16 +110,15 @@ private static void GetNestedGroups(LdapConnection connection, ClaimsIdentity pr
                 }
 
                 var group = searchResponse.Entries[0]; //Get the object that was found on ldap
-                string name = group.DistinguishedName;
-                retrievedClaims.Add(name);
+                retrievedClaims.Add(groupCN);
 
                 var memberof = group.Attributes["memberof"]; // You can access ldap Attributes with Attributes property
                 if (memberof != null)
                 {
                     foreach (var member in memberof)
                     {
-                        var groupDN = $"{Encoding.UTF8.GetString((byte[])member)}";
-                        var nestedGroupCN = groupDN.Split(',')[0].Substring("CN=".Length);
+                        var nestedGroupDN = $"{Encoding.UTF8.GetString((byte[])member)}";
+                        var nestedGroupCN = nestedGroupDN.Split(',')[0].Substring("CN=".Length);
                         GetNestedGroups(connection, principal, distinguishedName, nestedGroupCN, logger, retrievedClaims);
                     }
                 }

Original file line number	Diff line number	Diff line change
`@@ -110,16 +110,15 @@ private static void GetNestedGroups(LdapConnection connection, ClaimsIdentity pr`
`110`	`110`	`}`
`111`	`111`
`112`	`112`	`var group = searchResponse.Entries[0]; //Get the object that was found on ldap`
`113`		`- string name = group.DistinguishedName;`
`114`		`- retrievedClaims.Add(name);`
	`113`	`+ retrievedClaims.Add(groupCN);`
`115`	`114`
`116`	`115`	`var memberof = group.Attributes["memberof"]; // You can access ldap Attributes with Attributes property`
`117`	`116`	`if (memberof != null)`
`118`	`117`	`{`
`119`	`118`	`foreach (var member in memberof)`
`120`	`119`	`{`
`121`		`- var groupDN = $"{Encoding.UTF8.GetString((byte[])member)}";`
`122`		`- var nestedGroupCN = groupDN.Split(',')[0].Substring("CN=".Length);`
	`120`	`+ var nestedGroupDN = $"{Encoding.UTF8.GetString((byte[])member)}";`
	`121`	`+ var nestedGroupCN = nestedGroupDN.Split(',')[0].Substring("CN=".Length);`
`123`	`122`	`GetNestedGroups(connection, principal, distinguishedName, nestedGroupCN, logger, retrievedClaims);`
`124`	`123`	`}`
`125`	`124`	`}`