From e79829b5b368617d8a95051f986afbe3621a8a4b Mon Sep 17 00:00:00 2001
From: Aditya Manthramurthy
Date: Wed, 27 Jan 2021 17:31:21 -0800
Subject: [PATCH] Bind to lookup user after user auth to lookup ldap groups (#11357)
---
 cmd/config/identity/ldap/config.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/cmd/config/identity/ldap/config.go b/cmd/config/identity/ldap/config.go
index cd7dfeef9..049715f11 100644
--- a/cmd/config/identity/ldap/config.go
+++ b/cmd/config/identity/ldap/config.go
@@ -283,6 +283,11 @@ func (l *Config) Bind(username, password string) (string, []string, error) {
 errRet := fmt.Errorf("LDAP auth failed for DN %s: %v", bindDN, err)
 return "", nil, errRet
 }
+
+ // Bind to the lookup user account again to perform group search.
+ if err = l.lookupBind(conn); err != nil {
+ return "", nil, err
+ }
 } else {
 // Verify login credentials by checking the username formats.
 bindDN, err = l.usernameFormatsBind(conn, username, password)
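Review bot: The error from the new `l.lookupBind(conn)` call is returned bare, while the user-bind failure just above it is wrapped as "LDAP auth failed for DN ...". Unless lookupBind adds its own context (its body is not visible here), a caller or log reader cannot tell a rejected user password from a broken lookup service account. Those cases call for different responses (failed-login monitoring versus a configuration or directory outage), so I would wrap it, e.g. `return "", nil, fmt.Errorf("LDAP lookup re-bind failed after authenticating DN %s: %v", bindDN, err)`. The comment could also say why the re-bind is needed: presumably the connection is otherwise still bound as the end user, whose account may not be permitted to search groups. Bind's body starts and ends outside the hunk.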