ldap_handler: Reports groups as groupOfNames as well

2023-04-12 14:25:13 +00:00 · 2022-04-19 17:58:40 +02:00 · 2022-04-19 17:58:40 +02:00 · 3ac38bb96f
commit 3ac38bb96f
parent 2197fe77a5
1 changed files with 10 additions and 2 deletions
--- a/server/src/infra/ldap_handler.rs
+++ b/server/src/infra/ldap_handler.rs
@ -550,8 +550,14 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
                        &self.base_dn_str,
                    )?;
                    Ok(GroupRequestFilter::Member(user_name))
-                } else if field.to_lowercase() == "objectclass" && value == "groupOfUniqueNames" {
-                    Ok(GroupRequestFilter::And(vec![]))
+                } else if field.to_lowercase() == "objectclass" {
+                    if value == "groupOfUniqueNames" || value == "groupOfNames" {
+                        Ok(GroupRequestFilter::And(vec![]))
+                    } else {
+                        Ok(GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(
+                            vec![],
+                        ))))
+                    }
                } else {
                    let field = map_field(field)?;
                    if field == "display_name" {
@ -1116,6 +1122,7 @@ mod tests {
                GroupRequestFilter::DisplayName("group_1".to_string()),
                GroupRequestFilter::Member(UserId::new("bob")),
                GroupRequestFilter::And(vec![]),
+                GroupRequestFilter::And(vec![]),
            ]))))
            .times(1)
            .return_once(|_| {
@ -1135,6 +1142,7 @@ mod tests {
                    "cn=bob,ou=people,dc=example,dc=com".to_string(),
                ),
                LdapFilter::Equality("objectclass".to_string(), "groupOfUniqueNames".to_string()),
+                LdapFilter::Equality("objectclass".to_string(), "groupOfNames".to_string()),
            ]),
            vec!["cn"],
        );