check group name in ldap result (#150)

author: Vladimir Sukhonosov <[email protected]> 2023-09-28 01:52:30 +0300
committer: GitHub <[email protected]> 2023-09-28 01:52:30 +0300
commit: 0c4d21f20493d3d37f80c741de8fb02bc8369420 (patch)
tree: b4031329b18e274881aef4b9c3ed2066e4a96928 /kvmd/plugins
parent: 8f32f9ae112d33838bf7b960119c04e4aba2b86b (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kvmd/plugins/auth/ldap.py b/kvmd/plugins/auth/ldap.py
index 4ef9c29c..8743b2c9 100644
--- a/kvmd/plugins/auth/ldap.py
+++ b/kvmd/plugins/auth/ldap.py
@@ -88,10 +88,10 @@ class Plugin(BaseAuthService):
                 base=self.__base,
                 scope=ldap.SCOPE_SUBTREE,
                 filterstr=f"(&(objectClass=user)(userPrincipalName={user})(memberOf={self.__group}))",
-                attrlist=["userPrincipalName", "memberOf"],
+                attrlist=["memberOf"],
                 timeout=self.__timeout,
             ) or []):
-                if dn is not None and isinstance(attrs, dict) and attrs.get("memberOf"):
+                if dn is not None and isinstance(attrs, dict) and self.__group.encode() in attrs.get("memberOf"):  # type: ignore
                     return True
         except ldap.INVALID_CREDENTIALS:
             pass
author	Vladimir Sukhonosov <[email protected]>	2023-09-28 01:52:30 +0300
committer	GitHub <[email protected]>	2023-09-28 01:52:30 +0300
commit	0c4d21f20493d3d37f80c741de8fb02bc8369420 (patch)
tree	b4031329b18e274881aef4b9c3ed2066e4a96928 /kvmd/plugins
parent	8f32f9ae112d33838bf7b960119c04e4aba2b86b (diff)