Authentication rule condition basedn matching does not work #6402

Closed
alarsing opened this issue Jun 22, 2021 · 2 comments · Fixed by #6414
@alarsing

Describe the bug
Authentication rule with condition basedn match does not work. The problem is in file lib/pf/Authentication/Source/LDAPSource.pm, in the function ldap_filter_for_conditions. It will return string "basedn" not the actual value of the basedn that was specified in Authentication rule.

To Reproduce

  1. Create new LDAP/AD Authentication Source and add Authentication Rule.
  2. Set Conditions basedn is "ou=Computers,dc=your,dc=domain"
  3. Monitor logs and see error: [AD-Source] Unable to execute search (&(|(servicePrincipalName=host/COMPUTER.your.domain)(sAMAccountName=host/COMPUTER.your.domain)(UserPrincipalName=host/COMPUTER.your.domain))) from basedn on adsrv.your.domain:389, we skip the rule. (pf::Authentication::Source::LDAPSource::_match_in_subclass)
@nqb
Contributor

nqb commented Jun 22, 2021

Hello,

Could you provide more details about "It will return string "basedn" not the actual value of the basedn"?
I'm not sure I understand what you mean here.

Thanks

@alarsing
Author

Log is generated from subclass _match_in_subclass

on line 448 $logger->error("[$self->{'id'}] Unable to execute search $filter from $basedn on $LDAPServer:$LDAPServerPort, we skip the rule.");

$basedn is equal to "basedn" but should be "ou=Computers,dc=your,dc=domain"

in file lib/pf/Authentication/Source/LDAPSource.pm
line 591 sub ldap_filter_for_conditions {
line 615 if ($attribute eq "basedn") {
line 616 $basedn = $attribute;
line 617 next;
line 618 }

Line 616 should be $basedn = $value not $attribute
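
A stand-alone sketch of the assignment reported above next to the one-word correction, with a shape check on the resulting search base. It is an added example, not PacketFence's code: `split_conditions`, `escape_filter_value`, `looks_like_dn`, the default base and the sample conditions are hypothetical.

```perl
use strict;
use warnings;

# Constructed sample conditions: one basedn scope plus one attribute test.
my @conditions = (
    { attribute => 'basedn',   value => 'ou=Computers,dc=your,dc=domain' },
    { attribute => 'memberOf', value => 'cn=Laptops,dc=your,dc=domain' },
);

# RFC 4515 escaping, so a condition value cannot change the filter structure.
sub escape_filter_value {
    my ($v) = @_;
    $v =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $v;
}

# Hypothetical stand-in for the condition loop: splits conditions into a
# search base and an LDAP filter. $fixed = 0 keeps the reported assignment
# (attribute name), $fixed = 1 uses the condition's value instead.
sub split_conditions {
    my ($fixed, $default_basedn, @conds) = @_;
    my $basedn = $default_basedn;
    my @parts;
    for my $c (@conds) {
        my ($attribute, $value) = @{$c}{qw(attribute value)};
        if ($attribute eq 'basedn') {
            $basedn = $fixed ? $value : $attribute;
            next;
        }
        push @parts, '(' . $attribute . '=' . escape_filter_value($value) . ')';
    }
    my $filter = @parts ? '(&' . join('', @parts) . ')' : '';
    return ($basedn, $filter);
}

# Rough shape check (does not handle escaped commas): a search base must be
# a sequence of attr=value pairs, never a bare keyword such as "basedn".
sub looks_like_dn {
    my ($s) = @_;
    return $s =~ /^[A-Za-z][\w-]*=[^,=]+(?:,[A-Za-z][\w-]*=[^,=]+)*$/ ? 1 : 0;
}

for my $fixed (0, 1) {
    my ($basedn, $filter) = split_conditions($fixed, 'dc=your,dc=domain', @conditions);
    printf "%-5s basedn=%-31s filter=%s dn_ok=%d\n",
        ($fixed ? 'fixed' : 'buggy'), $basedn, $filter, looks_like_dn($basedn);
}
```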
