Merge pull request #22 from BeocatKSU/master

More options for ldap group membership
jupyterhub · Oct 27, 2016 · 33e5621 · 33e5621
2 parents 96082c8 + 922b759
commit 33e5621
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/ldapauthenticator/ldapauthenticator.py b/ldapauthenticator/ldapauthenticator.py
@@ -41,7 +41,6 @@ def _server_port_default(self):
         """
     )
 
-
     allowed_groups = List(
         config=True,
         help="List of LDAP Group DNs whose members are allowed access"
@@ -128,11 +127,19 @@ def authenticate(self, handler, data):
                     userdn = conn.response[0]['dn']
 
                 for group in self.allowed_groups:
+                    groupfilter = (
+                        '(|'
+                        '(member={userdn})'
+                        '(uniqueMember={userdn})'
+                        '(memberUid={uid})'
+                        ')'
+                    ).format(userdn=userdn, uid=username)
+                    groupattributes = ['member', 'uniqueMember', 'memberUid']
                     if conn.search(
                         group,
                         search_scope=ldap3.BASE,
-                        search_filter='(member={userdn})'.format(userdn=userdn),
-                        attributes=['member']
+                        search_filter=groupfilter,
+                        attributes=groupattributes
                     ):
                         return username
                 # If we reach here, then none of the groups matched