add isPerson check to query

Daan Hoogland · Daan Hoogland · commit d03a18bb71b4 · 2025-10-15T17:14:35.000+02:00
diff --git a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/ADLdapUserManagerImpl.java
@@ -58,6 +58,8 @@ public List<LdapUser> getUsersInGroup(String groupName, LdapContext context, Lon
     }
 
     String generateADGroupSearchFilter(String groupName, Long domainId) {
+        final String isPersonFilter = "(objectCategory=person)";
+
         final StringBuilder userObjectFilter = new StringBuilder();
         userObjectFilter.append("(objectClass=");
         userObjectFilter.append(_ldapConfiguration.getUserObject(domainId));
@@ -71,6 +73,7 @@ String generateADGroupSearchFilter(String groupName, Long domainId) {
 
         final StringBuilder result = new StringBuilder();
         result.append("(&");
+        result.append(isPersonFilter);
         result.append(userObjectFilter);
         result.append(memberOfFilter);
         result.append(")");
diff --git a/plugins/user-authenticators/ldap/src/test/java/org/apache/cloudstack/ldap/ADLdapUserManagerImplTest.java b/plugins/user-authenticators/ldap/src/test/java/org/apache/cloudstack/ldap/ADLdapUserManagerImplTest.java
@@ -54,7 +54,7 @@ public void testGenerateADSearchFilterWithNestedGroupsEnabled() {
         String [] groups = {"dev", "dev-hyd"};
         for (String group: groups) {
             String result = adLdapUserManager.generateADGroupSearchFilter(group, 1L);
-            assertTrue(("(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));
+            assertTrue(("(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));
         }
 
     }
@@ -69,7 +69,7 @@ public void testGenerateADSearchFilterWithNestedGroupsDisabled() {
         String [] groups = {"dev", "dev-hyd"};
         for (String group: groups) {
             String result = adLdapUserManager.generateADGroupSearchFilter(group, 1L);
-            assertTrue(("(&(objectClass=user)(memberOf=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));
+            assertTrue(("(&(objectCategory=person)(objectClass=user)(memberOf=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public void testGenerateADSearchFilterWithNestedGroupsEnabled() {`
`54`	`54`	`String [] groups = {"dev", "dev-hyd"};`
`55`	`55`	`for (String group: groups) {`
`56`	`56`	`String result = adLdapUserManager.generateADGroupSearchFilter(group, 1L);`
`57`		`- assertTrue(("(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));`
	`57`	`+ assertTrue(("(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`}`
`@@ -69,7 +69,7 @@ public void testGenerateADSearchFilterWithNestedGroupsDisabled() {`
`69`	`69`	`String [] groups = {"dev", "dev-hyd"};`
`70`	`70`	`for (String group: groups) {`
`71`	`71`	`String result = adLdapUserManager.generateADGroupSearchFilter(group, 1L);`
`72`		`- assertTrue(("(&(objectClass=user)(memberOf=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));`
	`72`	`+ assertTrue(("(&(objectCategory=person)(objectClass=user)(memberOf=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));`
`73`	`73`	`}`
`74`	`74`	`}`
`75`	`75`