fix(filter): correct LDAP subtree and attribute handling

Updated the normalization of LDAP connections to correctly handle `groupSubtree` and `userSubtree` by fetching values from connection data. Also fixed the retrieval of `userMemberOfAttribute` to use the correct key.
CloudKrafter · Jan 20, 2025 · 94535c0 · 94535c0
1 parent 0b127ac
commit 94535c0
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/plugins/filter/normalize_ldap_connections.py b/plugins/filter/normalize_ldap_connections.py
@@ -39,8 +39,8 @@ def clean_empty(data):
                 "userObjectClass": conn.get("ldap_user_object_class", ""),
                 "ldapGroupsAsRoles": True,
                 "groupBaseDn": conn.get("ldap_group_base_dn", ""),
-                "groupSubtree": False,
-                "userSubtree": False,
+                "groupSubtree": conn.get("ldap_group_subtree", False),
+                "userSubtree": conn.get("ldap_user_subtree", False),
             }
 
             # Determine group type
@@ -55,7 +55,7 @@ def clean_empty(data):
             elif "userMemberOfAttribute" in conn:
                 normalized.update({
                     "groupType": "DYNAMIC",
-                    "userMemberOfAttribute": conn.get("ldap_user_member_attribute", "memberOf"),
+                    "userMemberOfAttribute": conn.get("userMemberOfAttribute", "memberOf"),
                 })
 
         # API format: Keep as-is but clean empty attributes