diff options
| author | Vladimir Sukhonosov <[email protected]> | 2023-09-28 01:52:30 +0300 |
|---|---|---|
| committer | GitHub <[email protected]> | 2023-09-28 01:52:30 +0300 |
| commit | 0c4d21f20493d3d37f80c741de8fb02bc8369420 (patch) | |
| tree | b4031329b18e274881aef4b9c3ed2066e4a96928 /kvmd | |
| parent | 8f32f9ae112d33838bf7b960119c04e4aba2b86b (diff) | |
check group name in ldap result (#150)
Diffstat (limited to 'kvmd')
| -rw-r--r-- | kvmd/plugins/auth/ldap.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kvmd/plugins/auth/ldap.py b/kvmd/plugins/auth/ldap.py index 4ef9c29c..8743b2c9 100644 --- a/kvmd/plugins/auth/ldap.py +++ b/kvmd/plugins/auth/ldap.py @@ -88,10 +88,10 @@ class Plugin(BaseAuthService): base=self.__base, scope=ldap.SCOPE_SUBTREE, filterstr=f"(&(objectClass=user)(userPrincipalName={user})(memberOf={self.__group}))", - attrlist=["userPrincipalName", "memberOf"], + attrlist=["memberOf"], timeout=self.__timeout, ) or []): - if dn is not None and isinstance(attrs, dict) and attrs.get("memberOf"): + if dn is not None and isinstance(attrs, dict) and self.__group.encode() in attrs.get("memberOf"): # type: ignore return True except ldap.INVALID_CREDENTIALS: pass |