Github user mike-jumper commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/245#discussion_r165875030 --- Diff: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java --- @@ -257,7 +257,7 @@ private String getConnectionSearchFilter(String userDN, LDAPSearchResults userRoleGroupResults = ldapConnection.search( groupBaseDN, LDAPConnection.SCOPE_SUB, - "(&(!(objectClass=guacConfigGroup))(member=" + escapingService.escapeLDAPSearchFilter(userDN) + "))", + "(&(!(objectClass=guacConfigGroup))(|(member=" + escapingService.escapeLDAPSearchFilter(userDN) + ")(memberUid=" + user.getCredentials().getUsername() + ")))", --- End diff -- The username value here will need to be escaped for inclusion in a filter.
---