bug #3354: ask for memberOf attribute in ldap auth

Patch sent by Fabian Zimmermann. (cherry picked from commit a2a25673b4e45ef5e932a633ef0fc0a7cd7a5546)
2025-03-21 14:50:08 +03:00 · 2014-11-18 12:57:08 +01:00 · 2014-11-18 12:57:08 +01:00 · 1f20b7c29c
commit 1f20b7c29c
parent 3d6711bec4
1 changed files with 5 additions and 2 deletions
--- a/src/authm_mad/remotes/ldap/ldap_auth.rb
+++ b/src/authm_mad/remotes/ldap/ldap_auth.rb
@ -47,7 +47,8 @@ class OpenNebula::LdapAuth
            :mapping_timeout    => 300,
            :mapping_filename   => 'server1.yaml',
            :mapping_key        => 'GROUP_DN',
-            :mapping_default    => 1
+            :mapping_default    => 1,
+            :attributes         => [ "memberOf" ]
        }.merge(options)

        ops={}
@ -123,6 +124,7 @@ class OpenNebula::LdapAuth
        begin
            result=@ldap.search(
                :base => @options[:base],
+                :attributes => @options[:attributes],
                :filter => "#{@options[:user_field]}=#{name}")

            if result && result.first
@ -146,6 +148,7 @@ class OpenNebula::LdapAuth
    def is_in_group?(user, group)
        result=@ldap.search(
                    :base   => group,
+                    :attributes => @options[:group_field],
                    :filter => "(#{@options[:group_field]}=#{user.first})")

        if result && result.first
@ -183,7 +186,7 @@ class OpenNebula::LdapAuth
        end

        groups.delete(false)
-        groups.compact
+        groups.compact.uniq
    end
 end