Return both user and operational LDAP attributes

Explicitly request both user and operation attributes for LDAP group search as the default searching does not include operational attributes. This is required to fetch the memberOf attribute when checking LDAP group membership. Fixes #9151
2025-10-10 03:23:13 +00:00 · 2023-10-26 23:16:29 +11:00
parent be8547e56f
commit 56b7cbf4db
1 changed files with 5 additions and 3 deletions
--- a/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
+++ b/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
@@ -494,6 +494,8 @@ public class LDAPAuthentication
                try {
                    SearchControls ctrls = new SearchControls();
                    ctrls.setSearchScope(ldap_search_scope_value);
+                    // Fetch both user attributes '*' (eg. uid, cn) and operational attributes '+' (eg. memberOf)
+                    ctrls.setReturningAttributes(new String[] {"*", "+"});

                    String searchName;
                    if (useTLS) {