From fb8ad30bcc9b2c1e250da309f300cd42b38024ac Mon Sep 17 00:00:00 2001
From: Christian Albrecht <christian.albrecht@mayflower.de>
Date: Fri, 14 Jun 2024 13:35:22 +0200
Subject: [PATCH] ldap/bind/memory: do not cache LDAPResultOperationsError
 #9972

---
 internal/outpost/ldap/bind/memory/memory.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/outpost/ldap/bind/memory/memory.go b/internal/outpost/ldap/bind/memory/memory.go
index b75c073bdfb1..4c6dfcc0fb56 100644
--- a/internal/outpost/ldap/bind/memory/memory.go
+++ b/internal/outpost/ldap/bind/memory/memory.go
@@ -47,7 +47,7 @@ func (sb *SessionBinder) Bind(username string, req *bind.Request) (ldap.LDAPResu
 		DN:       req.BindDN,
 		Password: req.BindPW,
 	})
-	if item != nil {
+	if item != nil && item.Value() != ldap.LDAPResultOperationsError {
 		sb.log.WithField("bindDN", req.BindDN).Info("authenticated from session")
 		return item.Value(), nil
 	}
@@ -56,7 +56,7 @@ func (sb *SessionBinder) Bind(username string, req *bind.Request) (ldap.LDAPResu
 	// Only cache the result if there's been an error
 	if err == nil {
 		flag := sb.si.GetFlags(req.BindDN)
-		if flag == nil  || (flag.UserInfo == nil && flag.UserPk == flags.InvalidUserPK) {
+		if flag == nil || (flag.UserInfo == nil && flag.UserPk == flags.InvalidUserPK) {
 			sb.log.Error("user flags not set after bind")
 			return result, err
 		}