From e639d8ab56c3ae8c4998a0221a676e76cb7a95bd Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 4 Feb 2021 21:18:49 +0100
Subject: [PATCH] sources/ldap: add case when group does not have uniqueness attribute
---
authentik/sources/ldap/sync/membership.py | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/authentik/sources/ldap/sync/membership.py b/authentik/sources/ldap/sync/membership.py
index 3444f3e63..6fe6af870 100644
--- a/authentik/sources/ldap/sync/membership.py
+++ b/authentik/sources/ldap/sync/membership.py
@@ -52,10 +52,19 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
 def get_group(self, group_dict: dict[str, Any]) -> Optional[Group]:
 """Check if we fetched the group already, and if not cache it for later"""
+ group_dn = group_dict.get("attributes", {}).get(LDAP_DISTINGUISHED_NAME, [])
 group_uniq = group_dict.get("attributes", {}).get(
- self._source.object_uniqueness_field, ""
+ self._source.object_uniqueness_field, []
 )
- group_dn = group_dict.get("attributes", {}).get(LDAP_DISTINGUISHED_NAME, "")
+ # group_uniq might be a single string or an array with (hopefully) a single string
+ if isinstance(group_uniq, list):
+ if len(group_uniq) < 1:
+ self._logger.warning(
+ "Group does not have a uniqueness attribute.",
+ group=group_dn,
+ )
+ return None
+ group_uniq = group_uniq[0]
 if group_uniq not in self.group_cache:
 groups = Group.objects.filter(
 **{f"attributes__{LDAP_UNIQUENESS}": group_uniq}
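Review bot: The new guard in `get_group` only rejects an empty list, so a uniqueness attribute that arrives as an empty scalar (`""` or `None`) would still reach the `self.group_cache` lookup and `Group.objects.filter(...)` with an empty key. Because this lookup selects which group receives the synced members, an empty key should be skipped like the empty list is; after the unwrap, `if not group_uniq: return None` preceded by the same warning would cover it. The list branch also takes `group_uniq[0]` silently when the directory returns several values, which the comment itself marks as "hopefully" single; a warning when `len(group_uniq) > 1` would make a possibly wrong mapping visible in the sync log. The rest of `get_group` lies outside this hunk, so how the filter result is cached and returned is not visible here.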