From 9fb4ccd58362fa8018047e5b3ceae593c32e4389 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhaferkamp@owncloud.com>
Date: Wed, 13 Apr 2022 15:58:02 +0200
Subject: [PATCH] auth-provider: Fix LDAP login filter

Using a substring filter is certainly wrong here. We need an exact match.
---
 pkg/auth/manager/ldap/ldap.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/auth/manager/ldap/ldap.go b/pkg/auth/manager/ldap/ldap.go
index 374a54435c2..7f6cda7fd21 100644
--- a/pkg/auth/manager/ldap/ldap.go
+++ b/pkg/auth/manager/ldap/ldap.go
@@ -203,7 +203,7 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 func (am *mgr) getLoginFilter(login string) string {
 	var filter string
 	for _, attr := range am.c.LoginAttributes {
-		filter = fmt.Sprintf("%s(%s=%s*)", filter, attr, ldap.EscapeFilter(login))
+		filter = fmt.Sprintf("%s(%s=%s)", filter, attr, ldap.EscapeFilter(login))
 	}
 
 	return fmt.Sprintf("(&%s(objectclass=%s)(|%s))",