LDAP search result defaults to first element in the array

[arunoruto]

I am currently trying to use your ldap version of overleaf at our small research group. We are using the LDAP server from Synology and there is some weird behavior when logging in.

I made an ldap group called overleaf and only members of that group should be able to login. When I try to login, the logs of /var/log/sharelatex/web.log show an array with multiple users found. But according to the code here, the first element of the array is taken as the result, even tho, the actual match is found somewhere else. This results in a positive login, but the email and name is not set correctly. Is this some weird behavior of the Synology server or am I missing some setting?

I also logged the filterstr and the result was (memberof=cn=overleaf,cn=groups,dc=example,dc=com), which gives no indication of the user to be searched for.

[arunoruto]

I think I found the "solution" to the problem independently. I was confused since only the memberof part was in the filter. I forgot one could also specify the uid or other attributes, which is also utilized in the filterstr here.

I copied a filter string from nextcloud (which generates it nicely for one), and now it works!
For those wondering how the filter looks like, here it is:

(&(|(uid=%u)(|(mailPrimaryAddress=%u)(mail=%m)))(|(memberof=cn=administrators,cn=groups,dc=example,dc=com)(memberof=cn=overleaf,cn=groups,dc=example,dc=com)))
The mailPrimaryAddress and mail parts were unnecessary, but I included them for completeness' sake.

[smhaller]

Should we add a paragraph in the README.md on howto create the filterstr?

[arunoruto]

It would be nice to have some tips about how to set up an LDAP filter string. I somehow completely forgot about how to generate a filter string, even tho I did it a few times for other services, so it should come in handy for other users as well.
Should I make something and then make a pull request?

[smhaller]

If you have time I would appreciate it.