diff options
| -rw-r--r-- | kvmd/plugins/auth/ldap.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kvmd/plugins/auth/ldap.py b/kvmd/plugins/auth/ldap.py index 4ef9c29c..8743b2c9 100644 --- a/kvmd/plugins/auth/ldap.py +++ b/kvmd/plugins/auth/ldap.py @@ -88,10 +88,10 @@ class Plugin(BaseAuthService): base=self.__base, scope=ldap.SCOPE_SUBTREE, filterstr=f"(&(objectClass=user)(userPrincipalName={user})(memberOf={self.__group}))", - attrlist=["userPrincipalName", "memberOf"], + attrlist=["memberOf"], timeout=self.__timeout, ) or []): - if dn is not None and isinstance(attrs, dict) and attrs.get("memberOf"): + if dn is not None and isinstance(attrs, dict) and self.__group.encode() in attrs.get("memberOf"): # type: ignore return True except ldap.INVALID_CREDENTIALS: pass |