Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/guacamole-client/pull/245#discussion_r165875030
--- Diff:
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
---
@@ -257,7 +257,7 @@ private String getConnectionSearchFilter(String userDN,
LDAPSearchResults userRoleGroupResults = ldapConnection.search(
groupBaseDN,
LDAPConnection.SCOPE_SUB,
- "(&(!(objectClass=guacConfigGroup))(member=" +
escapingService.escapeLDAPSearchFilter(userDN) + "))",
+ "(&(!(objectClass=guacConfigGroup))(|(member=" +
escapingService.escapeLDAPSearchFilter(userDN) + ")(memberUid=" +
user.getCredentials().getUsername() + ")))",
--- End diff --
The username value here will need to be escaped for inclusion in a filter.
---
