From 98c43f9090e0fa76e4e7ded01ea3568fc1eadcbb Mon Sep 17 00:00:00 2001
From: Thorsten Eckel
Date: Fri, 16 Jun 2017 10:09:42 +0200
Subject: [PATCH] Fixed issue #1179 - OpenLDAP group member lookup fails.
---
 lib/ldap/group.rb | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/lib/ldap/group.rb b/lib/ldap/group.rb
index bec592c70..ba60b8297 100644
--- a/lib/ldap/group.rb
+++ b/lib/ldap/group.rb
@@ -80,14 +80,14 @@ class Ldap
 filter ||= filter()
 result = {}
- @ldap.search(filter, attributes: %w(dn member)) do |entry|
-
- members = entry[:member]
- next if members.blank?
+ @ldap.search(filter, attributes: %w(dn member memberuid)) do |entry|
 roles = mapping[entry.dn.downcase]
 next if roles.blank?
+ members = group_user_dns(entry)
+ next if members.blank?
+
 members.each do |user_dn|
 user_dn_key = user_dn.downcase
@@ -133,5 +133,18 @@ class Ldap
 @uid_attribute = config[:uid_attribute]
 @filter = config[:filter]
 end
+
+ def group_user_dns(entry)
+ return entry[:member] if entry[:member].present?
+ return if entry[:memberuid].blank?
+
+ entry[:memberuid].collect do |uid|
+ dn = nil
+ @ldap.search("(uid=#{uid})", attributes: %w(dn)) do |user|
+ dn = user.dn
+ end
+ dn
+ end.compact
+ end
 end
 end
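Review bot: Nothing at the `members = group_user_dns(entry)` call site says that `members` may now come from one extra directory search per `memberuid` value instead of from the entry itself. A comment above the call would make that visible, e.g. `# entries without member DNs (posixGroup-style memberUid) are resolved to user DNs by group_user_dns`. Because that resolution runs inside the outer `@ldap.search` block, it is worth confirming that the wrapper tolerates nested searches and that large groups do not turn a sync into hundreds of round trips; neither can be checked from the hunk. The enclosing method starts and ends outside the hunk.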
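Review bot: The lookup in `group_user_dns` interpolates each `memberuid` value into `"(uid=#{uid})"` unescaped, so a value containing `*`, `(`, `)` or `\` changes the filter, and a wildcard-like value could resolve to an unrelated user's DN that then receives the group's roles. Escape the value before building the filter, e.g. `@ldap.search("(uid=#{Net::LDAP::Filter.escape(uid)})", attributes: %w(dn)) do |user|`, assuming the wrapper sits on net-ldap, which is not visible here. The block also keeps only the last DN when a uid matches more than one entry, so ambiguous matches are better skipped than silently resolved. The attribute name is hard-coded as `uid` although the constructor context just above stores a configurable `@uid_attribute`; if that setting is meant for this lookup, it should be used here.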