From 78c8be71d1bbc5b438eaab4659a6ad053d15563b Mon Sep 17 00:00:00 2001
From: rdd2 <5879453+rdd2@users.noreply.github.com>
Date: Thu, 8 Jul 2021 13:09:27 +0200
Subject: [PATCH] Enable group sync for LDAP servers, that do not return memberOf (#5082)
---
 src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
index 634d15df2..4af6766e7 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
@@ -578,7 +578,7 @@ class LDAP extends Base implements IAuthConnector
 if ($ldap_is_connected) {
 $this->lastAuthProperties['dn'] = $user_dn;
 if ($this->ldapReadProperties) {
- $sr = @ldap_read($this->ldapHandle, $user_dn, '(objectclass=*)');
+ $sr = @ldap_read($this->ldapHandle, $user_dn, '(objectclass=*)', ['*', 'memberOf']);
 $info = @ldap_get_entries($this->ldapHandle, $sr);
 if ($info['count'] != 0) {
 foreach ($info[0] as $ldap_key => $ldap_value) {
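Review bot: The result of the changed `ldap_read()` call is still passed to `ldap_get_entries()` unchecked, and `@` hides any failure, so a failed read looks the same as an entry with no `memberOf` values. Going by the commit subject this attribute list now drives group sync, so a silent failure here affects which groups the user ends up in. On PHP 8 a `false` `$sr` would probably also raise a `TypeError` that `@` does not suppress. I would guard the next line, e.g. `$info = $sr !== false ? @ldap_get_entries($this->ldapHandle, $sr) : ['count' => 0];`, and report the failure through whatever logging the class already uses. A short comment on the new argument would help too, such as `// request memberOf explicitly: some servers do not return it for '*'`; the enclosing method starts and ends outside the hunk.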