From 3c256fecc6289c353766e0fa1667359a70134133 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 26 Sep 2021 14:49:11 +0200
Subject: [PATCH] outposts/ldap: add groupofuniquenames

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 internal/outpost/ldap/instance_search.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/internal/outpost/ldap/instance_search.go b/internal/outpost/ldap/instance_search.go
index 30a703706..c76cccba5 100644
--- a/internal/outpost/ldap/instance_search.go
+++ b/internal/outpost/ldap/instance_search.go
@@ -116,6 +116,8 @@ func (pi *ProviderInstance) Search(req SearchRequest) (ldap.ServerSearchResult,
 			"client":       utils.GetIP(req.conn.RemoteAddr()),
 		}).Inc()
 		return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: unhandled filter type: %s [%s]", filterEntity, req.Filter)
+	case "groupofuniquenames":
+		fallthrough
 	case "goauthentik.io/ldap/group":
 		fallthrough
 	case "goauthentik.io/ldap/virtual-group":
@@ -224,9 +226,9 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
 func (pi *ProviderInstance) GroupEntry(g LDAPGroup) *ldap.Entry {
 	attrs := AKAttrsToLDAP(g.akAttributes)
 
-	objectClass := []string{GroupObjectClass, "goauthentik.io/ldap/group"}
+	objectClass := []string{GroupObjectClass, "groupofuniquenames", "goauthentik.io/ldap/group"}
 	if g.isVirtualGroup {
-		objectClass = []string{GroupObjectClass, "goauthentik.io/ldap/group", "goauthentik.io/ldap/virtual-group"}
+		objectClass = append(objectClass, "goauthentik.io/ldap/virtual-group")
 	}
 
 	attrs = pi.ensureAttributes(attrs, map[string][]string{