We can't just search for the user_dn in a group, we have to consider group_attr. This has been forgotten when introducing user_dn. Fixes checking for group membership of LDAP users.

author: Colin Finck <colin@reactos.org> 2015-02-09 17:50:10 +0300
committer: Colin Finck <colin@reactos.org> 2015-02-09 18:02:27 +0300
commit: 14e3e88d0e898e620cfa967b7a850a7ac798fd06 (patch)
tree: 6e44b702b7cf81d05b792831d2962dc9e01116c6
parent: aa9266c34cb2dc402d5a690d8bfc13e6f4f47aef (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/Authenticators/LDAP/LDAPauth.py b/Authenticators/LDAP/LDAPauth.py
index 7517d89..93f1277 100644
--- a/Authenticators/LDAP/LDAPauth.py
+++ b/Authenticators/LDAP/LDAPauth.py
@@ -501,7 +501,7 @@ def do_main_program():
                 debug('Checking group membership for ' + name)
                     
                 #Search for user in group
-                res = ldap_conn.search_s(cfg.ldap.group_cn, ldap.SCOPE_SUBTREE, user_dn, [cfg.ldap.number_attr, cfg.ldap.display_attr])
+                res = ldap_conn.search_s(cfg.ldap.group_cn, ldap.SCOPE_SUBTREE, '(%s=%s)' % (cfg.ldap.group_attr, user_dn), [cfg.ldap.number_attr, cfg.ldap.display_attr])
                     
                 # Check if the user is a member of the group
                 if len(res) < 1:
author	Colin Finck <colin@reactos.org>	2015-02-09 17:50:10 +0300
committer	Colin Finck <colin@reactos.org>	2015-02-09 18:02:27 +0300
commit	14e3e88d0e898e620cfa967b7a850a7ac798fd06 (patch)
tree	6e44b702b7cf81d05b792831d2962dc9e01116c6
parent	aa9266c34cb2dc402d5a690d8bfc13e6f4f47aef (diff)