Restore the old uncached group member search logic when Member_Attr_Value is DN

Filtering on (dn=...) is invalid because DN isn't an attribute. Therefore if DN is what we need to search on, use the member's DN as the search base and the standard user filter. Only if we're searching on an attribute do we now use the standard user base and an extended user filter.

Restore the old uncached group member search logic when Member_Attr_Value is DN
Filtering on (dn=...) is invalid because DN isn't an attribute. Therefore if DN is what we need to search on, use the member's DN as the search base and the standard user filter. Only if we're searching on an attribute do we now use the standard user base and an extended user filter.
b76bbf22 · Thomas Sibley · 05f15db9 · b76bbf22
Commit b76bbf22 authored May 24, 2012 by Thomas Sibley
--- a/lib/RT/Extension/LDAPImport.pm
+++ b/lib/RT/Extension/LDAPImport.pm
@@ -1080,10 +1080,14 @@ sub add_group_members {
        if (exists $users->{lc $member}) {
            next unless $username = $users->{lc $member};
        } else {
+            my $attr    = lc($RT::LDAPGroupMapping->{Member_Attr_Value} || 'dn');
+            my $base    = $attr eq 'dn' ? $member : $RT::LDAPBase;
+            my $filter  = $attr eq 'dn'
+                            ? $RT::LDAPFilter
+                            : "(&$RT::LDAPFilter($attr=" . escape_filter_value($member) . "))";
            my @results = $self->_run_search(
-                base   => $RT::LDAPBase,
-                filter => "(&$RT::LDAPFilter($RT::LDAPGroupMapping->{Member_Attr_Value}="
-                            . escape_filter_value($member) . "))"
+                base   => $base,
+                filter => $filter,
            );
            unless ( @results ) {
                $users->{lc $member} = undef;