yammer / dropwizard-auth-ldap

Dropwizard Authentication Module for LDAP using JNDI.
Apache License 2.0

Group restriction should use full DN for group classes which require it. #20

Closed ajbrown closed 7 years ago

ajbrown commented 7 years ago

When the group class used for filtering is groupOfUniqueNames, the username used in the filter must be an FDN. This update leverages the existing code which was already in place when using the UserResourceAuthenticator.

In both cases, this fixes group restrictive authentication against groupOfUniqueNames.

Given a group such as:

# extended LDIF
#
# LDAPv3
# base <ou=Group,dc=example,dc=org> with scope subtree
# filter: cn=MyGroup
# requesting: ALL
#

# MyGroup, Group, example.org
dn: cn=MyGroup,ou=Group,dc=example,dc=org
objectClass: groupOfUniqueNames
uniqueMember:
uniqueMember: cn=ajbrown,ou=people,dc=example,dc=org
uniqueMember: cn=foobar,ou=people,dc=example,dc=org
uniqueMember: cn=buzzbar,ou=people,dc=example,dc=org
cn: MyGroup

Correct Filter: (after PR)

(&(uniqueMember=cn=ajbrown,ou=people,dc=example,dc=org)(|(cn=MyGroup)))

Incorrect Filter: (before PR)

(&(uniqueMember=ajbrown)(|(cn=MyGroup)))
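To make the difference between the two filters concrete, here is an added example in Python (not code from dropwizard-auth-ldap, which is Java): it builds the membership filter both ways, escapes the user-supplied value per RFC 4514/4515, and evaluates the result against the group entry above with a small equality-only matcher standing in for the directory. The people container `ou=people,dc=example,dc=org`, the `cn` user RDN, and the `is_member` helper are assumptions made for the example.

```python
"""Added example (not code from dropwizard-auth-ldap): builds the membership
filter for a groupOfUniqueNames group both ways shown in the PR description and
evaluates each against the group entry with a tiny equality-only filter matcher.
The matcher stands in for an LDAP server; the people base DN and the cn-based
user RDN are assumptions for the example."""
import re

# Constructed sample: the group entry from the PR description.
GROUP_ENTRY = {
    "dn": "cn=MyGroup,ou=Group,dc=example,dc=org",
    "objectClass": ["groupOfUniqueNames"],
    "uniqueMember": [
        "cn=ajbrown,ou=people,dc=example,dc=org",
        "cn=foobar,ou=people,dc=example,dc=org",
        "cn=buzzbar,ou=people,dc=example,dc=org",
    ],
    "cn": ["MyGroup"],
}

PEOPLE_BASE = "ou=people,dc=example,dc=org"  # assumed container for user entries


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514 special characters)."""
    out = value.replace("\\", "\\\\")
    for ch in ',+"<>;':
        out = out.replace(ch, "\\" + ch)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def user_dn(username):
    """Full DN of the user entry under the assumed cn=<user>,ou=people layout."""
    return "cn=%s,%s" % (escape_dn_value(username), PEOPLE_BASE)


def group_filter(username, groups, use_full_dn=True,
                 member_attr="uniqueMember", group_attr="cn"):
    """Filter of the shape (&(<member_attr>=<who>)(|(cn=g1)(cn=g2)...)).

    use_full_dn=True  -> the corrected filter: uniqueMember holds DNs, so the
                         assertion value must be the user's full DN.
    use_full_dn=False -> the pre-PR filter, which compares a bare username with
                         a DN-valued attribute and therefore never matches.
    The username comes from the login request, so it is always filter-escaped.
    """
    who = user_dn(username) if use_full_dn else username
    member = "(%s=%s)" % (member_attr, escape_filter_value(who))
    alternatives = "".join("(%s=%s)" % (group_attr, escape_filter_value(g)) for g in groups)
    return "(&%s(|%s))" % (member, alternatives)


_HEX = re.compile(r"\\([0-9a-fA-F]{2})")


def _unescape(value):
    return _HEX.sub(lambda m: chr(int(m.group(1), 16)), value)


def _parse(s, i):
    """Parse one parenthesised item (&, | or attr=value) at s[i]; return (node, next)."""
    if s[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        if s[i] != ")":
            raise ValueError("unterminated %s at %d" % (op, i))
        return (op, kids), i + 1
    eq = s.index("=", i)
    end = s.index(")", eq)  # escaped values never contain a raw ')'
    return ("=", s[i:eq], _unescape(s[eq + 1:end])), end + 1


def _eval(node, entry):
    if node[0] == "&":
        return all(_eval(k, entry) for k in node[1])
    if node[0] == "|":
        return any(_eval(k, entry) for k in node[1])
    _, attr, value = node
    # Case-insensitive equality stands in for caseIgnoreMatch / distinguishedNameMatch.
    return any(v.lower() == value.lower() for v in entry.get(attr, []))


def entry_matches(entry, filt):
    """Toy evaluator: does `filt` (only &, | and equality) match `entry`?"""
    node, end = _parse(filt, 0)
    if end != len(filt):
        raise ValueError("trailing data in filter")
    return _eval(node, entry)


def is_member(username, groups, use_full_dn=True):
    """Hypothetical helper: would this filter admit `username` for the sample group?"""
    return entry_matches(GROUP_ENTRY, group_filter(username, groups, use_full_dn))


if __name__ == "__main__":
    for flag in (False, True):
        f = group_filter("ajbrown", ["MyGroup"], use_full_dn=flag)
        print("%-6s %s -> %s" % ("after" if flag else "before", f, entry_matches(GROUP_ENTRY, f)))
```

Run stand-alone it prints both filters and whether each admits ajbrown: the bare-username form matches nothing because every uniqueMember value is a DN. The matcher understands only `&`, `|` and equality, which is all this filter shape needs. The escaping is the practitioner's caveat regardless of which member attribute is in use: the username arrives in the login request, so it must be RFC 4515-escaped before it is spliced into the filter, and RFC 4514-escaped again when it is first turned into a DN.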

msftclas commented 7 years ago

This seems like a small (but important) contribution, so no Contribution License Agreement is required at this point. We will now review your pull request. Thanks, Microsoft Pull Request Bot

ajbrown commented 7 years ago

@chrisgray I'm not sure what your normal process is, but this one is a pretty urgent need for a current project. Any thoughts on when you might be able to cut a release?

chrisgray commented 7 years ago

I can get a release out today sure. Could you add some documentation to the readme though to take advantage of this groupOfUniqueNames usage?

ajbrown commented 7 years ago

@chrisgray done! Let me know if that doesn't work for you.

chrisgray commented 7 years ago

Thanks @ajbrown !

chrisgray commented 7 years ago

Released in 1.0.5