fix: hotfix LDAP Search

Author: Naksen

app/ldap_protocol/filter_interpreter.py

@@ -31,6 +31,7 @@
     User,
 )
 from ldap_protocol.utils.helpers import ft_to_dt
+from ldap_protocol.utils.queries import get_path_filter, get_search_path
 from repo.pg.tables import groups_table, queryable_attr as qa, users_table
 
 from .asn1parser import ASN1Row, TagNumbers
@@ -398,6 +399,14 @@ def _cast_item(self, item: ASN1Row) -> UnaryExpression | ColumnElement:  # noqa:
 
         is_substring = item.tag_id == TagNumbers.SUBSTRING
 
+        if attr == "distinguishedname" and not is_substring:
+            try:
+                dn_search_path = get_search_path(right.value)
+            except Exception:  # noqa: S110
+                pass
+            else:
+                return get_path_filter(dn_search_path)
+
         if attr == "anr":
             if is_substring:
                 expr = right.value[0]

app/ldap_protocol/ldap_requests/search.py

@@ -153,6 +153,10 @@ def is_sid_requested(self) -> bool:
     def is_guid_requested(self) -> bool:
         return self.all_attrs or "objectguid" in self.requested_attrs
 
+    @property
+    def is_objectclass_requested(self) -> bool:
+        return self.all_attrs or "objectclass" in self.requested_attrs
+
     @cached_property
     def all_attrs(self) -> bool:
         return "*" in self.requested_attrs or not self.requested_attrs
@@ -417,11 +421,16 @@ def _mutate_query_with_attributes_to_load(
             if attr not in _ATTRS_TO_CLEAN
         }
 
+        cond = or_(
+            func.lower(Attribute.name).in_(attrs),
+            func.lower(Attribute.name) == "objectclass",
+        )
+
         return query.options(
             selectinload(qa(Directory.attributes)),
             with_loader_criteria(
                 Attribute,
-                func.lower(Attribute.name).in_(attrs),
+                cond,
             ),
         )
 
@@ -534,7 +543,7 @@ async def _fill_attrs(
         attrs: dict[str, list[str]],
         session: AsyncSession,
     ) -> None:
-        if "distinguishedname" not in self.requested_attrs or self.all_attrs:
+        if "distinguishedname" in self.requested_attrs or self.all_attrs:
             attrs["distinguishedName"].append(distinguished_name)
 
         if "whenCreated" in self.requested_attrs or self.all_attrs:
@@ -572,10 +581,6 @@ async def _fill_attrs(
                 attrs["memberOf"].append(group.directory.path_dn)
 
         if self.token_groups and "user" in obj_classes:
-            attrs["tokenGroups"].append(
-                str(string_to_sid(directory.object_sid)),
-            )
-
             group_directories = await get_all_parent_group_directories(
                 directory.groups,
                 session,
@@ -584,7 +589,7 @@ async def _fill_attrs(
             if group_directories is not None:
                 async for directory_ in group_directories:
                     attrs["tokenGroups"].append(
-                        str(string_to_sid(directory_.object_sid)),
+                        string_to_sid(directory_.object_sid),  # type: ignore
                     )
 
         if self.member and "group" in obj_classes and directory.group:
@@ -638,6 +643,9 @@ async def tree_view(  # noqa: C901
 
                 if attr.name.lower() == "objectclass":
                     obj_classes.append(value)
+                    if self.is_objectclass_requested:
+                        attrs[attr.name].append(value)
+                    continue
 
                 attrs[attr.name].append(value)