From 0253682c0049011ed267887d1bff8b5b02e49050 Mon Sep 17 00:00:00 2001
From: Peter Marschall
Date: Sun, 29 Dec 2024 13:18:39 +0100
Subject: [PATCH] LDAP auth: do not blindly assume groups have a 2-letter naming attribute

Instead, strip away everything before (and including) the '=' sign of ther RDN.
---
 radicale/auth/ldap.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py
index 25da242c..40f0ef09 100644
--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@@ -142,7 +142,9 @@ def _login2(self, login: str, password: str) -> str:
 if self._ldap_load_groups:
 tmp = []
 for g in user_entry[1]['memberOf']:
- tmp.append(g.decode('utf-8').split(',')[0][3:])
+ """Get group g's RDN's attribute value"""
+ g = g.decode('utf-8').split(',')[0]
+ tmp.append(g.partition('=')[2])
 self._ldap_groups = set(tmp)
 logger.debug("_login2 LDAP groups of user: %s", ",".join(self._ldap_groups))
 conn.unbind()
@@ -205,7 +207,9 @@ def _login3(self, login: str, password: str) -> str:
 if self._ldap_load_groups:
 tmp = []
 for g in user_entry['attributes']['memberOf']:
- tmp.append(g.split(',')[0][3:])
+ """Get group g's RDN's attribute value"""
+ g = g.split(',')[0]
+ tmp.append(g.partition('=')[2])
 self._ldap_groups = set(tmp)
 logger.debug("_login3 LDAP groups of user: %s", ",".join(self._ldap_groups))
 conn.unbind()
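Review bot: The `"""Get group g's RDN's attribute value"""` line added in both hunks (_login2 and _login3) is not a comment but a bare string expression statement, evaluated and discarded on every loop iteration; it should be `# Take the value of the group's RDN, whatever its attribute name is`. Separately, `split(',')[0]` followed by `partition('=')[2]` still assumes the first RDN contains no escaped comma (`\,` per RFC 4514) and always has an `=`: an RDN without `=` yields an empty string that is silently added to `self._ldap_groups`, and an escaped comma truncates the group name, so the resulting name may not match what an administrator configured if `_ldap_groups` is consulted for access decisions elsewhere. Replacing the append with `_, sep, value = g.partition('='); if sep: tmp.append(value)` at least drops the malformed case in both hunks; handling DN escaping properly would need a real DN parser rather than `split(',')`. The enclosing `_login2` and `_login3` bodies begin and end outside the hunks.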