From 2ce8bc95eb3985936c3d632a6683c9f8eef89179 Mon Sep 17 00:00:00 2001
From: vishalnayak <vishalnayakv@gmail.com>
Date: Fri, 14 Oct 2016 17:20:50 -0400
Subject: [PATCH] Deduplicate the policies in ldap backend

---
 builtin/credential/ldap/backend.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go
index e5caa35af..a68083183 100644
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/go-ldap/ldap"
 	"github.com/hashicorp/vault/helper/mfa"
+	"github.com/hashicorp/vault/helper/strutil"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
 )
@@ -158,6 +159,9 @@ func (b *backend) Login(req *logical.Request, username string, password string)
 		}
 	}
 
+	// Policies from each group may overlap
+	policies = strutil.RemoveDuplicates(policies)
+
 	if len(policies) == 0 {
 		errStr := "user is not a member of any authorized group"
 		if len(ldapResponse.Warnings()) > 0 {