From 1d75be01d88579537a151cfb19b865385e0ce800 Mon Sep 17 00:00:00 2001
From: Chuck Levesque
Date: Thu, 7 Dec 2023 09:24:44 -0500
Subject: [PATCH] Allow complex expressions in external authentication LDAP search filtters

Add option for complex LDAP search filters. Older implementation assumed all ldap filters end with "={0}". This newer implementation allows the user to craft any legal filter expression, including complex compound expressions, like ((&(member={0})(objectclass=posixgroup)(!(cn=admin))). This example would handle the IPA group search filter for ECS 1.5.x

Signed-off-by: Chuck Levesque
---
 .../external_auth/templates/external_auth_configs.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/cloudera_manager/external_auth/templates/external_auth_configs.j2 b/roles/cloudera_manager/external_auth/templates/external_auth_configs.j2
index da50dbaf..ed4ea4c2 100644
--- a/roles/cloudera_manager/external_auth/templates/external_auth_configs.j2
+++ b/roles/cloudera_manager/external_auth/templates/external_auth_configs.j2
@@ -24,7 +24,7 @@ LDAP_URL: {{ auth_provider.ldap_url | default(None) }}
 LDAP_USER_SEARCH_BASE: {{ auth_provider.ldap_search_base.user | default(None) }}
 {% if auth_provider.ldap_search_filter.user is defined %}
 LDAP_USER_SEARCH_FILTER: "{{ auth_provider.ldap_search_filter.user }}"
-{% else % }
+{% else %}
 LDAP_USER_SEARCH_FILTER: "({{ auth_provider.ldap_attribute.user | default('sAMAccountName') }}={0})"
 {% endif %}
 NT_DOMAIN: {{ auth_provider.domain | default(None) }}
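Review bot: The custom-filter branch renders `auth_provider.ldap_search_filter.user` verbatim between double quotes, so a filter containing `"` or an RFC 4515 escape such as `\2a` will break the quoting or be altered if this output is later parsed as YAML (the consumer is not visible in the hunk). If it is, letting the filter emit its own quoted scalar is safer: `LDAP_USER_SEARCH_FILTER: {{ auth_provider.ldap_search_filter.user | to_json }}`. Separately, nothing here checks that a user-supplied filter still contains the `{0}` placeholder that the default branch always includes. A filter without it would presumably no longer be tied to the login name, so an assert in the role before templating would be worth adding. The template continues outside the hunk on both sides, so the same quoting may apply to other filter keys not shown here.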