ldap: fix group membership search handling when the group members are listed by 'dn' (#4684) (#4688)

Also, fixed typo in group member list return size check.
author: aboron <aboron@users.noreply.github.com> 2018-10-23 04:16:39 -0400
committer: 无闻 <u@gogs.io> 2018-10-23 04:16:39 -0400
commit: 43bca4df40b933332ffe99468240c6a3413bf853 (patch)
tree: 5731a3c07776e968c2a7eb1737dbd062137590fa /pkg/auth/ldap
parent: 82269e4b8cc3079f98bfb8e440e5928e07cc07b0 (diff)
1 files changed, 15 insertions, 5 deletions
diff --git a/pkg/auth/ldap/ldap.go b/pkg/auth/ldap/ldap.go
index 5c9342e9..0d34acb7 100644
--- a/pkg/auth/ldap/ldap.go
+++ b/pkg/auth/ldap/ldap.go
@@ -268,16 +268,26 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		if err != nil {
 			log.Error(2, "LDAP: Group search failed: %v", err)
 			return "", "", "", "", false, false
-		} else if len(sr.Entries) < 1 {
+		} else if len(srg.Entries) < 1 {
 			log.Error(2, "LDAP: Group search failed: 0 entries")
 			return "", "", "", "", false, false
 		}
 
 		isMember := false
-		for _, group := range srg.Entries {
-			for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
-				if member == uid {
-					isMember = true
+		if ls.UserUID == "dn" {
+			for _, group := range srg.Entries {
+				for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
+					if member == sr.Entries[0].DN {
+						isMember = true
+					}
+				}
+			}
+		} else {
+			for _, group := range srg.Entries {
+				for _, member := range group.GetAttributeValues(ls.GroupMemberUID) {
+					if member == uid {
+						isMember = true
+					}
 				}
 			}
 		}
author	aboron <aboron@users.noreply.github.com>	2018-10-23 04:16:39 -0400
committer	无闻 <u@gogs.io>	2018-10-23 04:16:39 -0400
commit	43bca4df40b933332ffe99468240c6a3413bf853 (patch)
tree	5731a3c07776e968c2a7eb1737dbd062137590fa /pkg/auth/ldap
parent	82269e4b8cc3079f98bfb8e440e5928e07cc07b0 (diff)