GUACAMOLE-893: Fix issue where just checking for attribute presence.
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
index 07e713c..e1fa2bb 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
@@ -37,6 +37,7 @@
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.filter.OrNode;
+import org.apache.directory.api.ldap.model.filter.PresenceNode;
import org.apache.directory.api.ldap.model.message.Referral;
import org.apache.directory.api.ldap.model.message.SearchRequest;
import org.apache.directory.api.ldap.model.name.Dn;
@@ -149,14 +150,25 @@
// Include all attributes within OR clause
OrNode attributeFilter = new OrNode();
- // Add equality comparison for each possible attribute
- attributes.forEach(attribute ->
- attributeFilter.addNode(new EqualityNode(attribute,
- (attributeValue != null ? attributeValue : "*")))
- );
+ // If value is defined, check each attribute for that value.
+ if (attributeValue != null) {
+ attributes.forEach(attribute ->
+ attributeFilter.addNode(new EqualityNode(attribute,
+ attributeValue))
+ );
+ }
+
+ // If no value is defined, just check for presence of attribute.
+ else {
+ attributes.forEach(attribute ->
+ attributeFilter.addNode(new PresenceNode(attribute))
+ );
+ }
searchFilter.addNode(attributeFilter);
+ logger.trace("Sending LDAP filter: \"{}\"", searchFilter.toString());
+
return searchFilter;
}