From a8125ec673e51c7edcb094b1dab2242b95a8e17a Mon Sep 17 00:00:00 2001
From: Robin Sonnabend <rsonnabend@asta.rwth-aachen.de>
Date: Wed, 12 Jul 2017 22:41:04 +0200
Subject: [PATCH] Enabled recursive group membership in AD

/close #144
---
 auth.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/auth.py b/auth.py
index 7ab7b4e..58d16a5 100644
--- a/auth.py
+++ b/auth.py
@@ -115,12 +115,17 @@ class ADManager:
         obj_def = ldap3.ObjectDef("user", connection)
         name_filter = "cn:={}".format(username)
         user_reader = ldap3.Reader(connection, obj_def, self.user_dn, name_filter)
+        group_def = ldap3.ObjectDef("group", connection)
+        def _yield_recursive_groups(group_dn):
+            group_reader = ldap3.Reader(connection, group_def, group_dn, None)
+            for entry in group_reader.search():
+                yield entry.name.value
+                for child in entry.memberOf:
+                    yield from _yield_recursive_groups(child)
         for result in user_reader.search():
             for group_dn in result.memberOf:
-                group_dn_parts = parse_dn(group_dn)
-                if len(group_dn_parts) >= 1:
-                    key, group, next_char = group_dn_parts[0]
-                    yield group
+                yield from _yield_recursive_groups(group_dn)
+
 
     def all_groups(self):
         connection = self.prepare_connection()
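Review bot: `_yield_recursive_groups` follows `memberOf` without recording which groups it has already visited, so a circular nesting in the directory (A is a member of B, B of A) recurses until Python raises RecursionError and the group lookup for that user fails. Groups reachable by more than one path are also yielded and queried repeatedly, at one LDAP search per visit. Keep a per-call set of visited DNs next to `group_def` and return early on a repeat, as in the sketch below. The Reader is also built with its default scope; if that default is a subtree search, as I believe it is in ldap3, `group_reader.search_object()` would restrict each lookup to the group entry itself, which is worth confirming. The enclosing method starts above the hunk, so how callers consume the yielded names is not visible here.

```python
        group_def = ldap3.ObjectDef("group", connection)
        seen_group_dns = set()
        def _yield_recursive_groups(group_dn):
            # Nested groups can form a cycle; expand each DN only once.
            if group_dn in seen_group_dns:
                return
            seen_group_dns.add(group_dn)
            # … unchanged: build group_reader, yield entry.name.value, recurse into entry.memberOf …
```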
-- 
GitLab