From ed5e7d03c6c44666c6fe97a15e8ce33d223c4466 Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 29 Mar 2023 10:54:36 +0100 Subject: [PATCH] Don't apply the group filter when listing LDAP group membership if it is empty (#23745) When running listLdapGroupMemberships check if the groupFilter is empty before using it to list memberships. Fix #23615 Signed-off-by: Andrew Thornton --- services/auth/source/ldap/source_search.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go index 5a2d25b0c..2a61386ae 100644 --- a/services/auth/source/ldap/source_search.go +++ b/services/auth/source/ldap/source_search.go @@ -208,7 +208,7 @@ func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string, applyGr } var searchFilter string - if applyGroupFilter { + if applyGroupFilter && groupFilter != "" { searchFilter = fmt.Sprintf("(&(%s)(%s=%s))", groupFilter, source.GroupMemberUID, ldap.EscapeFilter(uid)) } else { searchFilter = fmt.Sprintf("(%s=%s)", source.GroupMemberUID, ldap.EscapeFilter(uid))