diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
index ebf979274b..e1fa2bb451 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
@@ -37,6 +37,7 @@
 import org.apache.directory.api.ldap.model.filter.EqualityNode;
 import org.apache.directory.api.ldap.model.filter.ExprNode;
 import org.apache.directory.api.ldap.model.filter.OrNode;
+import org.apache.directory.api.ldap.model.filter.PresenceNode;
 import org.apache.directory.api.ldap.model.message.Referral;
 import org.apache.directory.api.ldap.model.message.SearchRequest;
 import org.apache.directory.api.ldap.model.name.Dn;
@@ -142,15 +143,31 @@ public ExprNode generateQuery(ExprNode filter,
 AndNode searchFilter = new AndNode();
 searchFilter.addNode(filter);
- // Include all attributes within OR clause if there are more than one
+ // If no attributes provided, we're done.
+ if (attributes.size() < 1)
+ return searchFilter;
+
+ // Include all attributes within OR clause
 OrNode attributeFilter = new OrNode();
-
- // Add equality comparison for each possible attribute
- attributes.forEach(attribute ->
- attributeFilter.addNode(new EqualityNode(attribute, attributeValue))
- );
+
+ // If value is defined, check each attribute for that value.
+ if (attributeValue != null) {
+ attributes.forEach(attribute ->
+ attributeFilter.addNode(new EqualityNode(attribute,
+ attributeValue))
+ );
+ }
+
+ // If no value is defined, just check for presence of attribute.
+ else {
+ attributes.forEach(attribute ->
+ attributeFilter.addNode(new PresenceNode(attribute))
+ );
+ }
 searchFilter.addNode(attributeFilter);
+
+ logger.trace("Sending LDAP filter: \"{}\"", searchFilter.toString());
 return searchFilter;
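Review bot: Both new early paths in generateQuery widen the search instead of narrowing it: an empty `attributes` collection now returns the bare `filter` and ignores `attributeValue` entirely, and a null `attributeValue` replaces the per-attribute equality test with a `PresenceNode` match on every object that carries the attribute. The callers are outside the hunk, so this is inferred, but if any of them uses this method to resolve a single identity, a null or unset value reaching it would match many entries rather than none; such callers should reject null or empty input before calling. The method's Javadoc, which starts outside the hunk, should state the contract, e.g. `@param attributeValue the value to match, or null to match any object that has at least one of the given attributes`. Separately, the added trace line should drop the explicit `.toString()`, as in `logger.trace("Sending LDAP filter: \"{}\"", searchFilter);`, so the filter is rendered only when trace logging is enabled; the rendered filter contains the searched value, which may be a username.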