Open acharseth opened 9 months ago
Thanks @acharseth, apologies for the long reply here. Yes I agree, the emulator is the one not working properly. The query builder is working as expected. I'm able to reproduce this locally. Working on a patch -- haven't found a solution yet. Will report here once I do 👍
Environment:
Describe the bug: I wanted a scope requiring to be member of one or more groups. I therefore created a scope with an initial
where
for one group and two moreorWhere
for 2 other groups. Something like this:With experience from SQL this makes sense but does not in LDAP. This creates the following LDAP filter (as decoded from the log):
This means that you have to be member of both Group1 and (Group2 or Groups 3), which is not what I intended. Still using the built in LDAP emulator I could be member of eg. Group3 only and still get included. In the test environment, however, I did not get included. The correct implementation for the scope is to use orWhere on all 3 groups like this:
This will create a correct LDAP-filter:
To my understanding ActiveDirectoy has a correct implementation of the filter and the built in emulator does not. Agree?