Return both user and operational LDAP attributes

Explicitly request both user and operational attributes
for the LDAP group search, as the default search does not
include operational attributes.

This is required to fetch the memberOf attribute when checking
LDAP group membership.

Fixes #9151
wwuck
2023-10-26 23:16:29 +11:00
parent be8547e56f
commit 56b7cbf4db


@@ -494,6 +494,8 @@ public class LDAPAuthentication
try {
SearchControls ctrls = new SearchControls();
ctrls.setSearchScope(ldap_search_scope_value);
// Fetch both user attributes '*' (eg. uid, cn) and operational attributes '+' (eg. memberOf)
ctrls.setReturningAttributes(new String[] {"*", "+"});
String searchName;
if (useTLS) {
@@ -700,13 +702,13 @@ public class LDAPAuthentication
/*
* Add authenticated users to the group defined in dspace.cfg by
* the authentication-ldap.login.groupmap.* key.
*
*
* @param dn
* The string containing distinguished name of the user
*
*
* @param group
* List of strings with LDAP dn of groups
*
*
* @param context
* DSpace context
*/
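Review bot: In the first hunk (around line 494), `ctrls.setReturningAttributes(new String[] {"*", "+"})` asks the directory for every operational attribute the bind identity is allowed to read, although the commit message names only memberOf as the one needed for the group check. Operational attributes can include password-policy and account-state metadata, so the search result holds more than this lookup needs. Requesting `"*"` plus the configured group-membership attribute by name, e.g. `new String[] {"*", groupAttribute}` (`groupAttribute` is a placeholder, not a name from this page), would keep the result set minimal. The `"+"` selector comes from RFC 3673 and is presumably not honoured by every directory server, so a named attribute is also the more portable choice. The enclosing method starts and ends outside the hunk, so whether any other operational attribute is read later cannot be checked from here.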