From 0437f238de1498d0bf7c27c307256b7d01eafa9d Mon Sep 17 00:00:00 2001
From: yu-i-i
Date: Mon, 21 Jul 2025 18:40:25 +0200
Subject: [PATCH] Remove LDAP admin check via group search in ldap-passport
---
 .../ldap/app/src/LDAPAuthenticationManager.mjs | 5 ++---
 .../authentication/ldap/app/src/LDAPModuleManager.mjs | 5 -----
 2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/services/web/modules/authentication/ldap/app/src/LDAPAuthenticationManager.mjs b/services/web/modules/authentication/ldap/app/src/LDAPAuthenticationManager.mjs
index 66943e82a3..6a35b77566 100644
--- a/services/web/modules/authentication/ldap/app/src/LDAPAuthenticationManager.mjs
+++ b/services/web/modules/authentication/ldap/app/src/LDAPAuthenticationManager.mjs
@@ -30,9 +30,8 @@ const LDAPAuthenticationManager = {
 if (!firstName && !lastName) lastName = email
 let isAdmin = false
 if( attAdmin && valAdmin ) {
- isAdmin = (profile._groups?.length > 0) ||
- (Array.isArray(profile[attAdmin]) ? profile[attAdmin].includes(valAdmin) :
- profile[attAdmin] === valAdmin)
+ isAdmin = Array.isArray(profile[attAdmin]) ? profile[attAdmin].includes(valAdmin) :
+ profile[attAdmin] === valAdmin
 }
 let user = await User.findOne({ 'email': email }).exec()
diff --git a/services/web/modules/authentication/ldap/app/src/LDAPModuleManager.mjs b/services/web/modules/authentication/ldap/app/src/LDAPModuleManager.mjs
index 2e915b23ce..643342430a 100644
--- a/services/web/modules/authentication/ldap/app/src/LDAPModuleManager.mjs
+++ b/services/web/modules/authentication/ldap/app/src/LDAPModuleManager.mjs
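Review bot: The new `isAdmin` assignment in LDAPAuthenticationManager.mjs yields false without any signal when `profile[attAdmin]` is absent, which is presumably also the result when the admin attribute is not among the attributes the LDAP search returns. A comment above the assignment would make that fail-closed rule explicit, for example `// admin only if the entry's attAdmin attribute equals or contains valAdmin; a missing attribute means not admin`. The comparison is an exact string match through `includes`/`===`, so a value that differs only in case or spacing (common for DN-valued attributes) will not grant admin, and that deserves a mention in the same comment. The code that applies `isAdmin` to the stored user begins at `User.findOne` and continues outside this hunk. It is worth confirming that a false value revokes the flag on the next login, because accounts promoted through the removed `profile._groups` path would otherwise keep admin rights.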
@@ -31,11 +31,6 @@ const LDAPModuleManager = {
 searchFilter: process.env.OVERLEAF_LDAP_SEARCH_FILTER,
 searchScope: process.env.OVERLEAF_LDAP_SEARCH_SCOPE || 'sub',
 searchAttributes: JSON.parse(process.env.OVERLEAF_LDAP_SEARCH_ATTRIBUTES || '[]'),
- groupSearchBase: process.env.OVERLEAF_LDAP_ADMIN_SEARCH_BASE,
- groupSearchFilter: process.env.OVERLEAF_LDAP_ADMIN_SEARCH_FILTER,
- groupSearchScope: process.env.OVERLEAF_LDAP_ADMIN_SEARCH_SCOPE || 'sub',
- groupSearchAttributes: ["dn"],
- groupDnProperty: process.env.OVERLEAF_LDAP_ADMIN_DN_PROPERTY,
 cache: boolFromEnv(process.env.OVERLEAF_LDAP_CACHE),
 timeout: numFromEnv(process.env.OVERLEAF_LDAP_TIMEOUT),
 connectTimeout: numFromEnv(process.env.OVERLEAF_LDAP_CONNECT_TIMEOUT),