Don't require a groupOfNames objectClass, other objectClasses (e.g. group) are available and may even be more popular in the Real World (or at least that part of it which installs Microsoft Active Directory 2012 Server Enterprise Edition™®).

2011-12-05 18:36:36 +00:00 · 2011-12-05 18:36:36 +00:00 · cb72ea619e
parent 6670ffe8d3
commit cb72ea619e
1 changed files with 1 additions and 2 deletions
--- a/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl
+++ b/deps/rabbitmq_auth_backend_ldap/src/rabbit_auth_backend_ldap.erl
@ -119,8 +119,7 @@ evaluate({exists, DNPattern}, Args, _User, LDAP) ->
    object_exists(DNPattern, Filter, Args, LDAP);

 evaluate({in_group, DNPattern}, Args, #user{impl = UserDN}, LDAP) ->
-    Filter = eldap:'and'([eldap:equalityMatch("objectClass", "groupOfNames"),
-                          eldap:equalityMatch("member",      UserDN)]),
+    Filter = eldap:equalityMatch("member", UserDN),
    object_exists(DNPattern, Filter, Args, LDAP);

 evaluate({match, StringQuery, REQuery}, Args, User, LDAP) ->