From 3324b22e505fd0b0df2fb0a19f61804ca4a6afbb Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Tue, 6 May 2025 14:47:00 +0200
Subject: [PATCH] fix: correctly "or"-join userfilters

---
 internal/idp/providers/ldap/session.go | 12 ++++++------
 internal/idp/providers/ldap/session_test.go | 10 +++++-----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/internal/idp/providers/ldap/session.go b/internal/idp/providers/ldap/session.go
index 1679e35b61..160acef8eb 100644
--- a/internal/idp/providers/ldap/session.go
+++ b/internal/idp/providers/ldap/session.go
@@ -194,7 +194,7 @@ func trySearchAndUserBind(
 searchQuery := queriesAndToSearchQuery(
 objectClassesToSearchQuery(objectClasses),
 queriesOrToSearchQuery(
- userFiltersToSearchQuery(userFilters, username),
+ userFiltersToSearchQuery(userFilters, username)...,
 ),
 )
 
@@ -261,12 +261,12 @@ func objectClassesToSearchQuery(classes []string) string {
 return searchQuery
 }
 
-func userFiltersToSearchQuery(filters []string, username string) string {
- searchQuery := ""
- for _, filter := range filters {
- searchQuery += "(" + filter + "=" + ldap.EscapeFilter(username) + ")"
+func userFiltersToSearchQuery(filters []string, username string) []string {
+ searchQueries := make([]string, len(filters))
+ for i, filter := range filters {
+ searchQueries[i] = "(" + filter + "=" + ldap.EscapeFilter(username) + ")"
 }
- return searchQuery
+ return searchQueries
 }
 
 func mapLDAPEntryToUser(
diff --git a/internal/idp/providers/ldap/session_test.go b/internal/idp/providers/ldap/session_test.go
index 69ba3a3256..89fee68718 100644
--- a/internal/idp/providers/ldap/session_test.go
+++ b/internal/idp/providers/ldap/session_test.go
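Review bot: An empty `userFilters` now reaches `queriesOrToSearchQuery` as a call with zero arguments, and nothing in this hunk rejects that case. The helper's body is not visible here; if it returns an empty string for no queries, the AND filter would reduce to the object-class clause alone and the search would no longer be tied to the supplied username. A guard before the query is built, `if len(userFilters) == 0 {` returning a configuration error, would make that case fail closed. Because the terms are now OR-joined, one username can also match different attributes on different entries, so the code after the search (outside the hunk) should require exactly one result before attempting the bind. trySearchAndUserBind starts and ends outside the hunk.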
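Review bot: userFiltersToSearchQuery still writes each `filter` value into the LDAP filter unescaped; only `username` goes through `ldap.EscapeFilter`. That is safe only while `filters` holds attribute names from trusted provider configuration, which this hunk does not show, and the function has no doc comment stating it. I would add `// userFiltersToSearchQuery returns one "(attr=username)" term per attribute; username is escaped, filters must be validated attribute names.` above the signature, and validate attribute names where the provider configuration is saved if that is not already done.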
@@ -49,31 +49,31 @@ func TestProvider_userFiltersToSearchQuery(t *testing.T) {
 name string
 fields []string
 username string
- want string
+ want []string
 }{
 {
 name: "zero",
 fields: []string{},
 username: "user",
- want: "",
+ want: []string{},
 },
 {
 name: "one",
 fields: []string{"test"},
 username: "user",
- want: "(test=user)",
+ want: []string{"(test=user)"},
 },
 {
 name: "three",
 fields: []string{"test1", "test2", "test3"},
 username: "user",
- want: "(test1=user)(test2=user)(test3=user)",
+ want: []string{"(test1=user)", "(test2=user)", "(test3=user)"},
 },
 {
 name: "five",
 fields: []string{"test1", "test2", "test3", "test4", "test5"},
 username: "user",
- want: "(test1=user)(test2=user)(test3=user)(test4=user)(test5=user)",
+ want: []string{"(test1=user)", "(test2=user)", "(test3=user)", "(test4=user)", "(test5=user)"},
 },
 }
 for _, tt := range tests {
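Review bot: The updated table only pins the per-attribute slice, so the or-join that this commit fixes has no regression test; a case that runs the slice through `queriesOrToSearchQuery` and checks the combined filter would cover it, assuming that helper is reachable from this test file. Every case also uses the plain username `user`, so the escaping of each element is never exercised. A constructed case such as `username: "us*er"` with `want: []string{"(test=us\\2aer)"}` (the RFC 4515 escape for `*`) would pin that `ldap.EscapeFilter` is applied per term. The test function continues past the end of the hunk.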