From 14e3e88d0e898e620cfa967b7a850a7ac798fd06 Mon Sep 17 00:00:00 2001
From: Colin Finck
Date: Mon, 9 Feb 2015 15:50:10 +0100
Subject: We can't just search for the user_dn in a group, we have to consider group_attr. This has been forgotten when introducing user_dn. Fixes checking for group membership of LDAP users.
---
 Authenticators/LDAP/LDAPauth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Authenticators/LDAP/LDAPauth.py b/Authenticators/LDAP/LDAPauth.py
index 7517d89..93f1277 100644
--- a/Authenticators/LDAP/LDAPauth.py
+++ b/Authenticators/LDAP/LDAPauth.py
@@ -501,7 +501,7 @@ def do_main_program():
 debug('Checking group membership for ' + name)
 #Search for user in group
- res = ldap_conn.search_s(cfg.ldap.group_cn, ldap.SCOPE_SUBTREE, user_dn, [cfg.ldap.number_attr, cfg.ldap.display_attr])
+ res = ldap_conn.search_s(cfg.ldap.group_cn, ldap.SCOPE_SUBTREE, '(%s=%s)' % (cfg.ldap.group_attr, user_dn), [cfg.ldap.number_attr, cfg.ldap.display_attr])
 # Check if the user is a member of the group
 if len(res) < 1:
-- 
cgit v1.2.3
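Review bot: The new filter on the added `search_s` line is built with plain `%` interpolation, so `user_dn` reaches the LDAP filter unescaped. A DN can legitimately contain `(`, `)`, `*` or `\`, which either makes the filter invalid or turns `*` into a wildcard that matches members other than the user being checked. How `user_dn` is derived is outside this hunk, but if any part of it comes from the login name this is an authorization-relevant filter injection. Build the filter with python-ldap's helper instead: `ldap.filter.filter_format('(%s=%s)', [cfg.ldap.group_attr, user_dn])` (needs `import ldap.filter`). Separately, `ldap.SCOPE_SUBTREE` under `cfg.ldap.group_cn` accepts a match on any entry below the group DN; if `group_cn` is meant to name a single group entry, `ldap.SCOPE_BASE` would be the tighter check.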