Deduplicate the policies in ldap backend

2016-10-14 17:20:50 -04:00 · 2016-10-14 17:20:50 -04:00 · 2ce8bc95eb
parent 557bf45de6
commit 2ce8bc95eb
1 changed files with 4 additions and 0 deletions
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@ -7,6 +7,7 @@ import (

 	"github.com/go-ldap/ldap"
 	"github.com/hashicorp/vault/helper/mfa"
+	"github.com/hashicorp/vault/helper/strutil"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
 )
@ -158,6 +159,9 @@ func (b *backend) Login(req *logical.Request, username string, password string)
 		}
 	}

+	// Policies from each group may overlap
+	policies = strutil.RemoveDuplicates(policies)
+
 	if len(policies) == 0 {
 		errStr := "user is not a member of any authorized group"
 		if len(ldapResponse.Warnings()) > 0 {