Skip to content

Enable account on explicit LDAP group match#636

Merged
adubovikov merged 2 commits into
sipcapture:masterfrom
davemcbride:fix-ldap-group-match-enabled
Jun 12, 2026
Merged

Enable account on explicit LDAP group match#636
adubovikov merged 2 commits into
sipcapture:masterfrom
davemcbride:fix-ldap-group-match-enabled

Conversation

@davemcbride

Copy link
Copy Markdown

Problem

When an LDAP user authenticates and explicitly matches the configured admin group or user group, login still fails with a 401 Unauthorized, even though authentication and the group check both succeed.

The cause is in data/service/user.go (LoginUser). In the two explicit group-match branches, userData.IsAdmin is set but userData.Enabled is never set, so it keeps its zero value of false. The login controller then rejects the request:

// controller/v1/user.go
if !userData.Enabled {
    // returns 401 Unauthorized
}

Notably, the fallback branch — where login is permitted via UserMode/AdminMode with no group match — already sets userData.Enabled = true. So the looser path worked while the stricter, explicit group-match path silently failed.

Fix

Set userData.Enabled = true in both group-match branches, consistent with the existing fallback behaviour.

Testing

Built from this branch and deployed in a container against a live LDAP/AD directory. Users matching the configured admin and user groups can now log in successfully; behaviour of the UserMode/AdminMode fallback paths is unchanged.

🤖 Generated with Claude Code

When an LDAP user authenticates and explicitly matches the configured
admin or user group, userData.Enabled was never set, leaving it at its
zero value of false. The login controller then rejects the request with
a 401 (controller/v1/user.go: `if !userData.Enabled`) despite a fully
successful authentication and group match.

The fallback branch (login permitted via UserMode/AdminMode with no
group match) already sets Enabled = true, so the looser path worked
while the stricter, explicit group-match path silently failed.

Set userData.Enabled = true in both group-match branches to match the
existing fallback behaviour.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@CLAassistant

CLAassistant commented Jun 11, 2026

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ adubovikov
❌ davemcbridegma
You have signed the CLA already but the status is still pending? Let us recheck it.

@adubovikov adubovikov merged commit 0bfe593 into sipcapture:master Jun 12, 2026
@adubovikov

Copy link
Copy Markdown
Member

thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants