From b7957f598bf5987bc733c392417679976ecabf3d Mon Sep 17 00:00:00 2001
From: Matthew Strasiotto <39424834+matthewstrasiotto@users.noreply.github.com>
Date: Thu, 12 May 2022 20:46:46 +1000
Subject: [PATCH] ldap wildcard handler, error if '*' attribute makes it to
 get_x_attribute

---
 server/src/infra/ldap_handler.rs | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/server/src/infra/ldap_handler.rs b/server/src/infra/ldap_handler.rs
index 2433d4c..bbf2e81 100644
--- a/server/src/infra/ldap_handler.rs
+++ b/server/src/infra/ldap_handler.rs
@@ -120,11 +120,10 @@ fn get_user_attribute(user: &User, attribute: &str, dn: &str) -> Result<Option<V
         // We ignore the operational attribute wildcard
         "+" => return Ok(None),
         "*" => {
-            warn!(
+            bail!(
                 "Matched {}, * should have been expanded into attribute list and * removed",
                 attribute
-            );
-            return Ok(None);
+            )
         }
         _ => {
             warn!("Ignoring unrecognized group attribute: {}", attribute);
@@ -209,11 +208,10 @@ fn get_group_attribute(
         // We ignore the operational attribute wildcard
         "+" => return Ok(None),
         "*" => {
-            warn!(
+            bail!(
                 "Matched {}, * should have been expanded into attribute list and * removed",
                 attribute
-            );
-            return Ok(None);
+            )
         }
         _ => {
             warn!("Ignoring unrecognized group attribute: {}", attribute);