From 6a728f107e8ea2b530885d75ec9c45556d43fe83 Mon Sep 17 00:00:00 2001 From: rithu john Date: Tue, 27 Dec 2016 11:07:03 -0800 Subject: [PATCH] connector/ldap: enable groupSearch to be empty --- connector/ldap/ldap.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go index 47ce6ff5..c5e45d37 100644 --- a/connector/ldap/ldap.go +++ b/connector/ldap/ldap.go @@ -445,6 +445,11 @@ func (c *ldapConnector) Refresh(ctx context.Context, s connector.Scopes, ident c } func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string, error) { + if c.GroupSearch.BaseDN == "" { + c.logger.Debugf("No groups returned for %q because no groups baseDN has been configured.", getAttr(user, c.UserSearch.NameAttr)) + return nil, nil + } + filter := fmt.Sprintf("(%s=%s)", c.GroupSearch.GroupAttr, ldap.EscapeFilter(getAttr(user, c.GroupSearch.UserAttr))) if c.GroupSearch.Filter != "" { filter = fmt.Sprintf("(&%s%s)", c.GroupSearch.Filter, filter)