From 33e83502b8b622ba6a519073c017b181eef05787 Mon Sep 17 00:00:00 2001 From: Derek Feichtinger Date: Thu, 31 Jan 2019 14:54:53 +0100 Subject: [PATCH] fixed recursive behavior for -g option and DNs without unix mappings --- ldapuserdir/ldapuserdir.py | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/ldapuserdir/ldapuserdir.py b/ldapuserdir/ldapuserdir.py index ee0e996..fb0a8ee 100755 --- a/ldapuserdir/ldapuserdir.py +++ b/ldapuserdir/ldapuserdir.py @@ -151,12 +151,12 @@ class LdapUserDir(object): """ if self.page_size == 0: # Do not use paged results - self.logger.debug('not using paging since page_size is %d\n' % self.page_size) + self.logger.debug('not using paging since page_size is %d' % self.page_size) return self._ldap.search_s(base, scope, filterstr, attrlist, attrsonly) else: # Use paged results - self.logger.debug('paging with current page size set to %d\n' % self.page_size) + self.logger.debug('paging with current page size set to %d' % self.page_size) page_ctrl = SimplePagedResultsControl(criticality=True, size=self.page_size, cookie='') @@ -354,7 +354,7 @@ class LdapUserDir(object): sys.stdout.write('N.A.:') sys.stdout.write('\n') - def systemuser2dn(self, uname): + def systemuser2dn(self, uname, mssfu=True): """Converts a user's system username to the dn of the ldap directory by performing a search on ldap @@ -374,7 +374,9 @@ class LdapUserDir(object): if no such user exists """ - srch = '(&(objectClass=user)(!(objectClass=computer))(msSFU30UidNumber=*)(msSFU30HomeDirectory=*)(cn=%s))' % uname + srch = '(&(objectClass=user)(!(objectClass=computer))(cn=%s))' % uname + if mssfu: + srch = '(&(objectClass=user)(!(objectClass=computer))(msSFU30UidNumber=*)(msSFU30HomeDirectory=*)(cn=%s))' % uname self.logger.debug('systemuser2dn: %s' % srch) r = self.search_s_reconn(self.user_ou, ldap.SCOPE_SUBTREE, srch) 
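Review bot: The new `mssfu` keyword on `systemuser2dn` (hunk `@@ -354,7 +354,7 @@`) is not described in the docstring, which this commit leaves unchanged between that hunk and the next. A caller cannot tell from the signature that `mssfu=False` drops the `msSFU30UidNumber`/`msSFU30HomeDirectory` requirement and therefore also matches directory users that have no Unix attributes. I would add a parameter entry saying that with the default `True` only entries carrying both msSFU attributes match, and that with `False` any non-computer user object with that cn matches. Most of the docstring lies outside the visible hunks, so the entry should follow whatever layout it already uses.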
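Review bot: `uname` is interpolated into the LDAP filter unescaped in both the new fallback filter and the retained msSFU filter (hunk `@@ -374,7 +374,9 @@`), so a value containing `*`, `(`, `)` or `\` alters the filter instead of being matched literally as a cn. With `mssfu=False` the filter is also broader than before, so a wildcard or an extra clause would match more entries than it did with the msSFU conditions in place. python-ldap provides `ldap.filter.escape_filter_chars`; I would escape once with `cn = ldap.filter.escape_filter_chars(uname)` (plus `import ldap.filter`) and build both filters from `cn`. The same value arrives through the `self.systemuser2dn(user, mssfu=mssfu)` call in the last hunk, so fixing it here covers that path; whether `user` can come from an untrusted source is not visible in this patch.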
@@ -446,12 +448,13 @@ class LdapUserDir(object): list """ - self.logger.debug('get_memberof for %s' % dn) + self.logger.debug('get_memberof: for dn: %s' % dn) srch = '(&)' if mssfu: srch = '(|(msSFU30GidNumber=*)(msSFU30UidNumber=*))' + self.logger.debug('get_memberof: query = %s' % srch ) r = self.search_s_reconn(dn, ldap.SCOPE_BASE, srch, attrlist=['memberOf']) @@ -470,12 +473,14 @@ class LdapUserDir(object): r2 = self.search_s_reconn(g, ldap.SCOPE_BASE, srch) if len(r2): tmplist.append(g) + else: + self.logger.debug('no msSFU info found for %s' % g) grplist = tmplist if recursive: tmplist = [] for g in grplist: - tmplist.extend(self.get_memberof(g)) + tmplist.extend(self.get_memberof(g, recursive=recursive)) grplist.extend(tmplist) return grplist @@ -508,7 +513,7 @@ class LdapUserDir(object): if CN cannot be identified in a resulting group """ if not self.has_dn_format(user): - dnname = self.systemuser2dn(user) + dnname = self.systemuser2dn(user, mssfu=mssfu) else: dnname = user
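Review bot: Passing `recursive=recursive` (hunk `@@ -470,12 +473,14 @@`) makes the group walk fully transitive, but nothing records which groups were already expanded, so a membership cycle (group A in B, B in A) recurses until Python's recursion limit and issues an LDAP search at every step. Groups reachable by several paths are also expanded and appended once per path. The recursive call omits `mssfu`, so parent groups are looked up with the parameter's default rather than the caller's choice; the signature is outside the hunk, so that default is not visible here. I would replace the recursion with a worklist and a seen-set as sketched below, assuming `mssfu` is a keyword parameter of `get_memberof` as its use in the previous hunk suggests; the function starts above this hunk and the sketch covers only the `if recursive:` block.

```python
        if recursive:
            # … unchanged above: grplist holds the direct memberOf values …
            seen = set(grplist)
            pending = list(grplist)
            while pending:
                parents = self.get_memberof(pending.pop(), recursive=False, mssfu=mssfu)
                for parent in parents:
                    if parent not in seen:
                        seen.add(parent)
                        grplist.append(parent)
                        pending.append(parent)
        return grplist
```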