From 3dde5d1ea97dfcf4d954a889ddc4d2a308070bc8 Mon Sep 17 00:00:00 2001
From: Jan Orel
Date: Mon, 6 Jul 2020 11:19:28 +0200
Subject: [PATCH] F #4924: LDAP auth - capture user part (#78)
---
 src/authm_mad/remotes/ldap/authenticate | 5 +++--
 src/authm_mad/remotes/ldap/ldap_auth.rb | 8 ++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/authm_mad/remotes/ldap/authenticate b/src/authm_mad/remotes/ldap/authenticate
index f120876bdd..c6d21ac7f7 100755
--- a/src/authm_mad/remotes/ldap/authenticate
+++ b/src/authm_mad/remotes/ldap/authenticate
@@ -63,7 +63,8 @@ end
 options=YAML.load(File.read(ETC_LOCATION+'/auth/ldap_auth.conf'))
-order = get_server_order(options, user)
+user_full = user
+order,user = get_server_order(options, user)
 STDERR.puts "Using group of servers: #{servers.join(', ')}" if order.length>1
@@ -119,7 +120,7 @@ order.each do |servers|
 # authentication success
 group_list = groups.join(' ')
- escaped_user = URI_PARSER.escape(user).downcase
+ escaped_user = URI_PARSER.escape(user_full).downcase
 escaped_secret = URI_PARSER.escape(user_dn)
 puts "ldap #{escaped_user} #{escaped_secret} #{group_list}"
diff --git a/src/authm_mad/remotes/ldap/ldap_auth.rb b/src/authm_mad/remotes/ldap/ldap_auth.rb
index a708e020ff..209e3fdbd8 100644
--- a/src/authm_mad/remotes/ldap/ldap_auth.rb
+++ b/src/authm_mad/remotes/ldap/ldap_auth.rb
@@ -267,7 +267,11 @@ def get_server_order(opts, user)
 end
 opts[:match_user_regex].each do |regex, server|
- if user =~ /#{regex}/i
+ if m = user.match(/#{regex}/i)
+
+ # update user with the capture
+ user = m[1] if m[1]
+
 order << to_array(server)
 end
 end
@@ -281,5 +285,5 @@ def get_server_order(opts, user)
 exit(-1)
 end
- return order
+ return [order, user]
 end
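Review bot: In `authenticate` (hunk `@@ -63,7 +63,8 @@`), `order,user = get_server_order(options, user)` rebinds `user` to the regex capture for the rest of the script, so every later use of `user` outside this hunk now silently sees the shortened name. Only the `escaped_user` line was switched back to `user_full`; any log or error message further down that prints `user` would presumably record the shortened name rather than what the client actually sent, which makes failed logins harder to trace. Binding the capture to a new name keeps the two apart: `order, ldap_user = get_server_order(options, user)`, with `ldap_user` passed only to the directory lookup. The lines that consume it are not visible in this hunk.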
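Review bot: `escaped_user` in the `@@ -119,7 +120,7 @@` hunk of `authenticate` is now built from the raw login while the directory lookup uses the captured part, and nothing in the hunk explains the split. Because `get_server_order` matches with an unanchored, case-insensitive `/#{regex}/i`, different spellings of a login could resolve to the same `user_dn` yet be reported under different names on the `puts "ldap ..."` line; whether the core then treats them as separate accounts is not visible here. A comment such as `# report the login as typed; the capture is only used to query LDAP`, plus a note in `ldap_auth.conf` that `:match_user_regex` patterns should be anchored with `\A` and `\z`, would make the intent explicit.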
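Review bot: In `get_server_order` (`ldap_auth.rb`, hunk `@@ -267,7 +267,11 @@`), `user = m[1] if m[1]` reassigns `user` inside the `each`, so every later pattern in `:match_user_regex` is tested against the already shortened name instead of the login the client sent. A login that was routed by one pattern can then also match a pattern meant for a different realm, and that realm's servers are appended to `order` as well. Matching against an untouched copy avoids this: `login = user` before the loop, then `if (m = login.match(/#{regex}/i))`; the parentheses also mark the assignment in the condition as intentional. If several patterns carry a capture, the last match wins, which deserves a comment. The method starts and ends outside this hunk.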
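Review bot: `return [order, user]` in the `@@ -281,5 +285,5 @@` hunk of `ldap_auth.rb` changes what `get_server_order` returns from the server list to a pair, and nothing on the method documents it. This commit updates the one call in `authenticate`; any other caller that still iterates the result would walk over `[order, user]` without raising an error, so a search for remaining callers is worth doing before merge. A header comment would pin the contract: `# Returns [order, user]: the server groups to try, and the name to look up in LDAP (first capture group of the matching pattern, else the name as given)`. The `return` keyword can also be dropped: `[order, user]`.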