From 65ad19bffeda2b299d89117b00d1ca85e555c72b Mon Sep 17 00:00:00 2001
From: Reto Breitenmoser
Date: Mon, 9 Jul 2018 12:38:51 +0200
Subject: [PATCH] [Fix] read all group names
---
 .../handler/LdapPrivilegeHandler.java | 32 ++++++++++++-------
 1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/LdapPrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/LdapPrivilegeHandler.java
index 4abd1e7f0..3cee1e7ef 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/LdapPrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/LdapPrivilegeHandler.java
@@ -11,6 +11,7 @@ import java.util.Set;
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
@@ -97,21 +98,28 @@ public class LdapPrivilegeHandler extends DefaultPrivilegeHandler {
 SearchResult sr = (SearchResult) answer.next();
 Attributes attrs = sr.getAttributes();
- memberOfLdapString = (attrs.get("memberOf") != null) ? attrs.get("memberOf").get().toString() : "";
+ Attribute groupMembers = attrs.get("memberOf");
- // extract group name from ldap string -> CN=groupname,OU=company,DC=domain,DC=country
- LdapName memberOfName = new LdapName(memberOfLdapString);
- for (Rdn rdn : memberOfName.getRdns()) {
- if (rdn.getType().equalsIgnoreCase("CN")) {
- String groupName = rdn.getValue().toString();
- Set foundStrolchRoles = rolesForLdapGroups.get(groupName);
- if (foundStrolchRoles != null)
- strolchRoles.addAll(foundStrolchRoles);
- break;
+ if (groupMembers != null) {
+ for (int i = 0; i < groupMembers.size(); i++) {
+
+ memberOfLdapString = attrs.get("memberOf").get(i).toString();
+
+ // extract group name from ldap string -> CN=groupname,OU=company,DC=domain,DC=country
+ LdapName memberOfName = new LdapName(memberOfLdapString);
+ for (Rdn rdn : memberOfName.getRdns()) {
+ if (rdn.getType().equalsIgnoreCase("CN")) {
+ String groupName = rdn.getValue().toString();
+ Set foundStrolchRoles = rolesForLdapGroups.get(groupName);
+ if (foundStrolchRoles != null)
+ strolchRoles.addAll(foundStrolchRoles);
+ break;
+ }
+ }
+
+ logger.info("User " + username + " is member of groups: " + memberOfLdapString);
 }
 }
-
- logger.info("User " + username + " is member of groups: " + memberOfLdapString);
 }
 ctx.close();
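Review bot: The CN lookup in the new inner loop takes the first `CN` it meets in `memberOfName.getRdns()`, and `LdapName` lists RDNs starting from the right-most one, so for a DN whose container is itself CN-typed (constructed sample: `CN=SomeGroup,CN=Users,DC=example,DC=org`) the role mapping is keyed on the container name rather than the group. Since this value decides which Strolch roles are granted, read the leaf RDN instead, `Rdn leaf = memberOfName.getRdn(memberOfName.size() - 1);`, and map `leaf.getValue().toString()` only when `leaf.getType().equalsIgnoreCase("CN")`. Matching on the CN alone also means same-named groups under different OUs or domains would receive the same roles; comparing the full DN against the configuration would avoid that, if the configuration format allows it. A smaller point of style: the loop can call `groupMembers.get(i)` rather than looking up `attrs.get("memberOf")` again on every iteration. The enclosing method starts and ends outside this hunk.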