diff --git a/changelog/unreleased/fix-ldap-getuserbyclaim-userid.md b/changelog/unreleased/fix-ldap-getuserbyclaim-userid.md new file mode 100644 index 0000000000..e6e958a2f3 --- /dev/null +++ b/changelog/unreleased/fix-ldap-getuserbyclaim-userid.md @@ -0,0 +1,7 @@ +Bugfix: GetUserByClaim not working with MSAD for claim "userid" + +We fixed GetUserByClaim to correctly deal with binary encoded userid +as e.g. used for Active Directory. + +https://github.com/cs3org/reva/pull/4249 +https://github.com/owncloud/ocis/issues/7469 diff --git a/pkg/utils/ldap/identity.go b/pkg/utils/ldap/identity.go index 3f3c4a8a5e..f438d33203 100644 --- a/pkg/utils/ldap/identity.go +++ b/pkg/utils/ldap/identity.go @@ -526,7 +526,7 @@ func (i *Identity) getUserAttributeFilter(attribute, value string) (string, erro default: return "", errors.New("ldap: invalid field " + attribute) } - if attribute == "userid" && i.User.Schema.IDIsOctetString { + if attribute == i.User.Schema.ID && i.User.Schema.IDIsOctetString { id, err := uuid.Parse(value) if err != nil { err := errors.Wrap(err, fmt.Sprintf("error parsing OpaqueID '%s' as UUID", value)) @@ -687,7 +687,7 @@ func (i *Identity) getGroupAttributeFilter(attribute, value string) (string, err default: return "", errors.New("ldap: invalid field " + attribute) } - if attribute == "group_id" && i.Group.Schema.IDIsOctetString { + if attribute == i.Group.Schema.ID && i.Group.Schema.IDIsOctetString { id, err := uuid.Parse(value) if err != nil { err := errors.Wrap(err, fmt.Sprintf("error parsing OpaqueID '%s' as UUID", value))