Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Revert #199 to fix group membership lookups #234
The PR in #199 contained changes that weren't right - breaking the behaviour of LDAP setups when
This PR reverts the previous change to make this work correctly again.
This reverts commit bf64cf2, reversing changes made to f022103. This change isn't right -- it an LDAP setup when `group_attribute_is_dn on` is enabled, which is what this section of code (bf64cf2#diff-c05c0daefb48996cbf510b81002b49bcR2230) is conditionally targeting. This original PR #199 changed the underlying LDAP query (eg `user_val`) from looking up the user's DN as a group attribute in LDAP (eg set via the `group_attribute` directive in nginx) to looking up the _group's_ DN, which isn't right and won't work. This PR reverts the previous change to make this work correctly again. Fwiw, the originally-referenced issue #180 seems to be a completely different issue, relating to escaping and parentheses.