fix: memberof condition conflict with recursive search

Signed-off-by: Alexey R. <r9odt@yandex.ru>
2 months ago · 20dfbcc389
1 changed files with 12 additions and 13 deletions
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@ -652,20 +652,19 @@ func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string,
 					},
 				})
 			}
-			continue
+		} else {
-		}
+			for _, attr := range c.getAttrs(user, matcher.UserAttr) {
-
+				obtained, filter, err := c.queryGroups(ctx, matcher.GroupAttr, attr)
-		for _, attr := range c.getAttrs(user, matcher.UserAttr) {
+				if err != nil {
-			obtained, filter, err := c.queryGroups(ctx, matcher.GroupAttr, attr)
+					return nil, err
-			if err != nil {
+				}
-				return nil, err
+				gotGroups := len(obtained) != 0
-			}
+				if !gotGroups {
-			gotGroups := len(obtained) != 0
+					// TODO(ericchiang): Is this going to spam the logs?
-			if !gotGroups {
+					c.logger.Error("ldap: groups search returned no groups", "filter", filter)
-				// TODO(ericchiang): Is this going to spam the logs?
+				}
-				c.logger.Error("ldap: groups search returned no groups", "filter", filter)
+				groups = append(groups, obtained...)
 			}
 			groups = append(groups, obtained...)
 		}
 		// If RecursionGroupAttr is not set, convert direct groups into names and return