freeipa memberof

src/Services/LdapService.cs

@@ -1,4 +1,4 @@
-//Copyright(c) 2022 MultiFactor
+//Copyright(c) 2022 MultiFactor
 //Please see licence at 
 //https://github.com/MultifactorLab/multifactor-ldap-adapter/blob/main/LICENSE.md
 
@@ -112,7 +112,39 @@ private LdapPacket BuildLoadProfileRequest(string userName, string baseDn)
             return packet;
         }
 
-        private LdapPacket BuildMemberOfRequest(string userName)
+        private LdapAttribute[] GetADMemberOfFilter(string userName) 
+        {
+            return new[]
+            {
+                new LdapAttribute((byte)LdapFilterChoice.extensibleMatch) 
+                {
+                    ChildAttributes = 
+                    {
+                        new LdapAttribute(1, "1.2.840.113556.1.4.1941"),
+                        new LdapAttribute(2, "member"),
+                        new LdapAttribute(3, userName),
+                        new LdapAttribute(4, (byte)0)
+                    }
+                }
+            };
+        }
+
+        private LdapAttribute[] GetFreeIpaMemberOfFilter(string userName)
+        {
+            return new[] 
+            {
+                new LdapAttribute((byte)LdapFilterChoice.equalityMatch) 
+                {
+                    ChildAttributes = 
+                    {
+                        new LdapAttribute(UniversalDataType.OctetString, "member"),
+                        new LdapAttribute(UniversalDataType.OctetString, userName) 
+                    }
+                }
+           };
+        }
+
+        private LdapPacket BuildMemberOfRequest(string userName, LdapAttribute[] memberFilter)
         {
             var packet = new LdapPacket(_messageId++);
 
@@ -126,14 +158,10 @@ private LdapPacket BuildMemberOfRequest(string userName)
             searchRequest.ChildAttributes.Add(new LdapAttribute(UniversalDataType.Integer, (byte)60));      //time limit: 60
             searchRequest.ChildAttributes.Add(new LdapAttribute(UniversalDataType.Boolean, true));          //typesOnly: true
 
-            var filter = new LdapAttribute(9);
-
-            filter.ChildAttributes.Add(new LdapAttribute(1, "1.2.840.113556.1.4.1941"));    //AD filter
-            filter.ChildAttributes.Add(new LdapAttribute(2, "member"));
-            filter.ChildAttributes.Add(new LdapAttribute(3, userName));
-            filter.ChildAttributes.Add(new LdapAttribute(4, (byte)0));
-
-            searchRequest.ChildAttributes.Add(filter);
+            foreach (var attribute in memberFilter)
+            {
+                searchRequest.ChildAttributes.Add(attribute);
+            }
 
             packet.ChildAttributes.Add(searchRequest);
 
@@ -349,7 +377,11 @@ public async Task<List<string>> GetAllGroups(Stream ldapConnectedStream, LdapPro
                 return profile.MemberOf;
             }
 
-            var request = BuildMemberOfRequest(profile.Dn);
+            var memberOfFilter = string.IsNullOrEmpty(clientConfiguration.LdapBaseDn) 
+                ? GetADMemberOfFilter(profile.Dn)
+                : GetFreeIpaMemberOfFilter(profile.Dn);
+
+            var request = BuildMemberOfRequest(profile.Dn, memberOfFilter);
             var requestData = request.GetBytes();
             await ldapConnectedStream.WriteAsync(requestData, 0, requestData.Length);
 

tests/NameResolverTest.cs

@@ -21,7 +21,8 @@ public void ShouldResolveName(string from, string to)
             );
             var resolver = host.Services.GetRequiredService<NameResolverService>();
             var context = new NameResolverContext(new[] {
-                new NetbiosDomainName {
+                new NetbiosDomainName
+                {
                     Domain = "domain.test",
                     NetbiosName = "DOMAIN"
                 }