diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
index 07e713c63a..e1fa2bb451 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
@@ -37,6 +37,7 @@
 import org.apache.directory.api.ldap.model.filter.EqualityNode;
 import org.apache.directory.api.ldap.model.filter.ExprNode;
 import org.apache.directory.api.ldap.model.filter.OrNode;
+import org.apache.directory.api.ldap.model.filter.PresenceNode;
 import org.apache.directory.api.ldap.model.message.Referral;
 import org.apache.directory.api.ldap.model.message.SearchRequest;
 import org.apache.directory.api.ldap.model.name.Dn;
@@ -149,14 +150,25 @@ public ExprNode generateQuery(ExprNode filter,
 // Include all attributes within OR clause
 OrNode attributeFilter = new OrNode();
- // Add equality comparison for each possible attribute
- attributes.forEach(attribute ->
- attributeFilter.addNode(new EqualityNode(attribute,
- (attributeValue != null ? attributeValue : "*")))
- );
+ // If value is defined, check each attribute for that value.
+ if (attributeValue != null) {
+ attributes.forEach(attribute ->
+ attributeFilter.addNode(new EqualityNode(attribute,
+ attributeValue))
+ );
+ }
+
+ // If no value is defined, just check for presence of attribute.
+ else {
+ attributes.forEach(attribute ->
+ attributeFilter.addNode(new PresenceNode(attribute))
+ );
+ }
 searchFilter.addNode(attributeFilter);
+ logger.trace("Sending LDAP filter: \"{}\"", searchFilter.toString());
+
 return searchFilter;
 }
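Review bot: The added `logger.trace(...)` call at the end of the second hunk builds the filter string with `searchFilter.toString()` on every query, even when trace logging is disabled, because the argument is evaluated before the logger checks its level. Assuming the SLF4J-style logger that the `{}` placeholder suggests, passing the node itself defers the conversion: `logger.trace("Sending LDAP filter: \"{}\"", searchFilter);`. The logged filter also embeds `attributeValue`, which callers may populate from user input such as a login name, so a short comment noting that trace output can contain directory identifiers would help operators decide where those logs may be shipped. generateQuery begins above the hunk, so how `logger` is declared is not visible here.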