diff options
author | Colin Finck <colin@reactos.org> | 2015-02-09 17:50:10 +0300 |
---|---|---|
committer | Colin Finck <colin@reactos.org> | 2015-02-09 18:02:27 +0300 |
commit | 14e3e88d0e898e620cfa967b7a850a7ac798fd06 (patch) | |
tree | 6e44b702b7cf81d05b792831d2962dc9e01116c6 | |
parent | aa9266c34cb2dc402d5a690d8bfc13e6f4f47aef (diff) |
We can't just search for the user_dn in a group, we have to consider group_attr. This has been forgotten when introducing user_dn. Fixes checking for group membership of LDAP users.
-rw-r--r-- | Authenticators/LDAP/LDAPauth.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Authenticators/LDAP/LDAPauth.py b/Authenticators/LDAP/LDAPauth.py index 7517d89..93f1277 100644 --- a/Authenticators/LDAP/LDAPauth.py +++ b/Authenticators/LDAP/LDAPauth.py @@ -501,7 +501,7 @@ def do_main_program(): debug('Checking group membership for ' + name) #Search for user in group - res = ldap_conn.search_s(cfg.ldap.group_cn, ldap.SCOPE_SUBTREE, user_dn, [cfg.ldap.number_attr, cfg.ldap.display_attr]) + res = ldap_conn.search_s(cfg.ldap.group_cn, ldap.SCOPE_SUBTREE, '(%s=%s)' % (cfg.ldap.group_attr, user_dn), [cfg.ldap.number_attr, cfg.ldap.display_attr]) # Check if the user is a member of the group if len(res) < 1: |