Skip to content

Commit

Permalink
Don't apply the group filter when listing LDAP group membership if it…
Browse files Browse the repository at this point in the history 
… is empty (#23745)

When running listLdapGroupMemberships check if the groupFilter is empty
before using it to list memberships.

Fix #23615

Signed-off-by: Andrew Thornton <art27@cantab.net>
  • Loading branch information
@zeripath
zeripath authored Mar 29, 2023
1 parent f453879 commit ed5e7d0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion services/auth/source/ldap/source_search.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,7 @@ func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string, applyGr
}

var searchFilter string
if applyGroupFilter {
if applyGroupFilter && groupFilter != "" {
searchFilter = fmt.Sprintf("(&(%s)(%s=%s))", groupFilter, source.GroupMemberUID, ldap.EscapeFilter(uid))
} else {
searchFilter = fmt.Sprintf("(%s=%s)", source.GroupMemberUID, ldap.EscapeFilter(uid))
Expand Down

0 comments on commit ed5e7d0

Please sign in to comment.