From e4aebd21df841bab9ba1a86fad732a9b03a958f7 Mon Sep 17 00:00:00 2001
From: ChrissW-R1 <ChrissW-R1@users.noreply.github.com>
Date: Sat, 30 May 2020 22:41:37 +0200
Subject: [PATCH] [NEW] Accept variable `#{userdn}` on LDAP group filter
 (#16273)

---
 app/ldap/server/sync.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/ldap/server/sync.js b/app/ldap/server/sync.js
index 9c3249b9172c..5e290d9bb8e4 100644
--- a/app/ldap/server/sync.js
+++ b/app/ldap/server/sync.js
@@ -28,7 +28,7 @@ export function isUserInLDAPGroup(ldap, ldapUser, user, ldapGroup) {
 		return false;
 	}
 	const searchOptions = {
-		filter: syncUserRolesFilter.replace(/#{username}/g, user.username).replace(/#{groupName}/g, ldapGroup),
+		filter: syncUserRolesFilter.replace(/#{username}/g, user.username).replace(/#{groupName}/g, ldapGroup).replace(/#{userdn}/g, ldapUser.dn),
 		scope: 'sub',
 	};