[checkmk-commits] Check_MK Git: check_mk: FIX: LDAP: OpenLDAP - Using uniqueMember instead of member when searching for groups of a user

Module: check_mk Branch: master Commit: bb8df359fe375b1a98449ad684965100e417e7b3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=bb8df359fe375b… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jan 16 10:42:04 2013 +0100 FIX: LDAP: OpenLDAP - Using uniqueMember instead of member when searching for groups of a user --- ChangeLog | 1 + web/plugins/userdb/ldap.py | 5 ++++- 2 files changed, 5 insertions(+), 1 deletions(-) diff --git a/ChangeLog b/ChangeLog index 192676e..3e4c0f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,7 @@ * FIX: LDAP: Fixed problem with special chars in LDAP queries when having contactgroup sync plugin enabled * FIX: LDAP: OpenLDAP - Changed default filter for users + * FIX: LDAP: OpenLDAP - Using uniqueMember instead of member when searching for groups of a user * LDAP: Role sync plugin validates the given group DNs with the group base dn now * LDAP: Using roles defined in default user profile in role sync plugin processing * LDAP: Improved error handling in case of misconfigurations diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index aa63efa..4c4dbe0 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -66,6 +66,8 @@ ldap_attr_map = { 'openldap': { 'user_id': 'uid', 'pw_changed': 'pwdchangedtime', + # group attributes + 'member': 'uniquemember', }, } @@ -315,7 +317,8 @@ def ldap_user_groups(username, attr = 'cn'): # Apply configured group ldap filter and only reply with groups # having the current user as member - filt = '(&%s(member=%s))' % (ldap_filter('groups'), ldap.filter.escape_filter_chars(user_dn)) + filt = '(&%s(%s=%s))' % (ldap_filter('groups'), ldap_attr('member'), + ldap.filter.escape_filter_chars(user_dn)) # First get all groups groups_cn = [] groups_dn = []