From 1f20b7c29ce19a5262d7ab759f7fcf34bd8b6eb0 Mon Sep 17 00:00:00 2001
From: Javi Fontan
Date: Tue, 18 Nov 2014 12:57:08 +0100
Subject: [PATCH] bug #3354: ask for memberOf attribute in ldap auth
Patch sent by Fabian Zimmermann.
(cherry picked from commit a2a25673b4e45ef5e932a633ef0fc0a7cd7a5546)
---
 src/authm_mad/remotes/ldap/ldap_auth.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/authm_mad/remotes/ldap/ldap_auth.rb b/src/authm_mad/remotes/ldap/ldap_auth.rb
index 161ef225ea..da9a30255d 100644
--- a/src/authm_mad/remotes/ldap/ldap_auth.rb
+++ b/src/authm_mad/remotes/ldap/ldap_auth.rb
@@ -47,7 +47,8 @@ class OpenNebula::LdapAuth
 :mapping_timeout => 300,
 :mapping_filename => 'server1.yaml',
 :mapping_key => 'GROUP_DN',
- :mapping_default => 1
+ :mapping_default => 1,
+ :attributes => [ "memberOf" ]
 }.merge(options)
 ops={}
@@ -123,6 +124,7 @@ class OpenNebula::LdapAuth
 begin
 result=@ldap.search(
 :base => @options[:base],
+ :attributes => @options[:attributes],
 :filter => "#{@options[:user_field]}=#{name}")
 if result && result.first
@@ -146,6 +148,7 @@ class OpenNebula::LdapAuth
 def is_in_group?(user, group)
 result=@ldap.search(
 :base => group,
+ :attributes => @options[:group_field],
 :filter => "(#{@options[:group_field]}=#{user.first})")
 if result && result.first
@@ -183,7 +186,7 @@ class OpenNebula::LdapAuth
 end
 groups.delete(false)
- groups.compact
+ groups.compact.uniq
 end
 end
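Review bot: The new `:attributes` default in the options hash at -47 has no comment, and because the hash is combined with `.merge(options)`, a configured `:attributes` list replaces `[ "memberOf" ]` instead of extending it. A configuration that lists other attributes and omits memberOf would presumably drop the data the group mapping relies on. I would document that on the line, e.g. `# attributes requested in the user search; keep "memberOf" in any override`. The options hash starts above this hunk.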
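Review bot: The search at -123 that now carries `:attributes` still builds its filter by interpolating `name` unescaped, `"#{@options[:user_field]}=#{name}"`, so filter metacharacters in the value change what the query matches. If `name` is the login name supplied by the client, which the hunk does not show, this is LDAP filter injection in an authentication path. Assuming `@ldap` is a Net::LDAP connection, escape the value first: `:filter => "#{@options[:user_field]}=#{Net::LDAP::Filter.escape(name)}"`. The same interpolation pattern appears with `user.first` in the `is_in_group?` hunk at -146. The enclosing method starts and ends outside the hunk.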
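Review bot: In `is_in_group?` the added `:attributes => @options[:group_field]` passes a bare value, whereas the default this commit adds to the options hash is an array. For consistency, and to avoid depending on how the LDAP library coerces the argument, write `:attributes => [ @options[:group_field] ]`. The visible lines only test `result && result.first`, so the attribute values are not read here, and requesting the membership attribute presumably returns every member of the group. The method body continues outside the hunk.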