Module: check_mk
Branch: master
Commit: bb8df359fe375b1a98449ad684965100e417e7b3
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=bb8df359fe375b…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jan 16 10:42:04 2013 +0100
FIX: LDAP: OpenLDAP - Using uniqueMember instead of member when searching for groups of a
user
---
ChangeLog | 1 +
web/plugins/userdb/ldap.py | 5 ++++-
2 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 192676e..3e4c0f1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,7 @@
* FIX: LDAP: Fixed problem with special chars in LDAP queries when having
contactgroup sync plugin enabled
* FIX: LDAP: OpenLDAP - Changed default filter for users
+ * FIX: LDAP: OpenLDAP - Using uniqueMember instead of member when searching for
groups of a user
* LDAP: Role sync plugin validates the given group DNs with the group base dn now
* LDAP: Using roles defined in default user profile in role sync plugin processing
* LDAP: Improved error handling in case of misconfigurations
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index aa63efa..4c4dbe0 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -66,6 +66,8 @@ ldap_attr_map = {
'openldap': {
'user_id': 'uid',
'pw_changed': 'pwdchangedtime',
+ # group attributes
+ 'member': 'uniquemember',
},
}
@@ -315,7 +317,8 @@ def ldap_user_groups(username, attr = 'cn'):
# Apply configured group ldap filter and only reply with groups
# having the current user as member
- filt = '(&%s(member=%s))' % (ldap_filter('groups'),
ldap.filter.escape_filter_chars(user_dn))
+ filt = '(&%s(%s=%s))' % (ldap_filter('groups'),
ldap_attr('member'),
+ ldap.filter.escape_filter_chars(user_dn))
# First get all groups
groups_cn = []
groups_dn = []