[Bps-public-commit] rt-authen-externalauth branch, master, updated. 0.09_02-2-g7f2043d

[Thomas Sibley]

The branch, master has been updated
       via  7f2043d384875991fa68c61f9324f89f4415f90c (commit)
      from  df840942f2e5378a6e37aececefa704d901d8427 (commit)

Summary of changes:
 lib/RT/Authen/ExternalAuth/LDAP.pm |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

- Log -----------------------------------------------------------------
commit 7f2043d384875991fa68c61f9324f89f4415f90c
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Fri Jan 27 16:05:47 2012 -0500

    Make sure we fetch the user attribute we need for the group check
    
    Otherwise, most LDAP servers won't return the attribute and we'll think
    it's undef.  Tests didn't uncover this bug because the test server
    returns all attributes regardless of what's requested.

diff --git a/lib/RT/Authen/ExternalAuth/LDAP.pm b/lib/RT/Authen/ExternalAuth/LDAP.pm
index ed335e0..a8fcb95 100644
--- a/lib/RT/Authen/ExternalAuth/LDAP.pm
+++ b/lib/RT/Authen/ExternalAuth/LDAP.pm
@@ -23,6 +23,10 @@ sub GetAuth {
     my $attr_map        = $config->{'attr_map'};
     my @attrs           = ('dn');
 
+    # Make sure we fetch the user attribute we'll need for the group check
+    push @attrs, $group_attr_val
+        unless lc $group_attr_val eq 'dn';
+
     # Empty parentheses as filters cause Net::LDAP to barf.
     # We take care of this by using Net::LDAP::Filter, but
     # there's no harm in fixing this right now.
@@ -107,6 +111,8 @@ sub GetAuth {
             $RT::Logger->debug("Attribute '$group_attr_val' has no value; falling back to '$group_val'");
         }
 
+        # We only need the dn for the actual group since all we care about is existence
+        @attrs  = qw(dn);
         $filter = Net::LDAP::Filter->new("(${group_attr}=" . escape_filter_value($group_val) . ")");
         
         $RT::Logger->debug( "LDAP Search === ",

-----------------------------------------------------------------------