chore: Add diagnostic log for LDAP logins that expect groups (#9807)

Adds a little hint as to why an LDAP login could fail. See my related comment here: https://codeberg.org/forgejo/forgejo/issues/9546#issuecomment-7853243 I hope this will save the next person running into this a lot of hair pulling 😬 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9807 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Lucas <sclu1034@noreply.codeberg.org> Co-authored-by: polyfloyd <floyd@polyfloyd.net> Co-committed-by: polyfloyd <floyd@polyfloyd.net>
2026-05-12 22:10:25 +00:00 · 2025-11-28 07:28:55 +01:00 · 2025-11-28 07:28:55 +01:00 · 5130d926ef
commit 5130d926ef
parent d02db83bbb
1 changed files with 1 additions and 0 deletions
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@ -386,6 +386,7 @@ func (source *Source) SearchEntry(name, passwd string, directBind bool) *SearchR
 		usersLdapGroups = source.listLdapGroupMemberships(l, userAttributeListedInGroup, true)

 		if source.GroupFilter != "" && len(usersLdapGroups) == 0 {
+			log.Info("Rejecting LDAP login: group filter set but user is not in any group")
 			return nil
 		}
 	}