From 942f978ed26217b4795a5a22fb4e42661b311b4a Mon Sep 17 00:00:00 2001 From: Tobias Genannt Date: Wed, 4 Sep 2024 17:53:24 +0200 Subject: [PATCH] Revert "Feature: Support for multiple AUTH_LDAP_REQUIRE_GROUP from environment variables" --- configuration/ldap/extra.py | 3 ++- configuration/ldap/ldap_config.py | 14 ++------------ 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/configuration/ldap/extra.py b/configuration/ldap/extra.py index b76047a..4505197 100644 --- a/configuration/ldap/extra.py +++ b/configuration/ldap/extra.py @@ -1,10 +1,11 @@ #### ## This file contains extra configuration options that can't be configured ## directly through environment variables. -## All variables set here overwrite any existing found in ldap_config.py +## All vairables set here overwrite any existing found in ldap_config.py #### # # This Python script inherits all the imports from ldap_config.py +# from django_auth_ldap.config import LDAPGroupQuery # Imported since not in ldap_config.py # # Sets a base requirement of membetship to netbox-user-ro, netbox-user-rw, or netbox-user-admin. # AUTH_LDAP_REQUIRE_GROUP = ( diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py index d25b3e8..82fad72 100644 --- a/configuration/ldap/ldap_config.py +++ b/configuration/ldap/ldap_config.py @@ -2,7 +2,7 @@ from importlib import import_module from os import environ import ldap -from django_auth_ldap.config import LDAPGroupQuery, LDAPSearch +from django_auth_ldap.config import LDAPSearch # Read secret from file 
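Review bot: The revert brings the misspelling `vairables` back into the header comment of configuration/ldap/extra.py, which the reverted commit had corrected, and the context line further down still reads `membetship`. Both are comment-only, so the revert can keep the corrected wording: `## All variables set here overwrite any existing found in ldap_config.py`. The re-added `# from django_auth_ldap.config import LDAPGroupQuery` line matters because ldap_config.py stops importing that name in this same commit. The "inherits all the imports" sentence above it could say that explicitly, so nobody uncomments the `AUTH_LDAP_REQUIRE_GROUP = (` example without the import.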
@@ -86,22 +86,12 @@ AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'G # Define a group required to login. AUTH_LDAP_REQUIRE_GROUP = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN') -# If non-empty string, AUTH_LDAP_REQUIRE_GROUP will be treated as a list delimited by this separator -AUTH_LDAP_REQUIRE_GROUP_SEPARATOR = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN_SEPARATOR', '') - # Define special user types using groups. Exercise great caution when assigning superuser status. AUTH_LDAP_USER_FLAGS_BY_GROUP = {} if AUTH_LDAP_REQUIRE_GROUP is not None: - # Build an LDAPGroupQuery when AUTH_LDAP_REQUIRE_GROUP should be treated as a list - if AUTH_LDAP_REQUIRE_GROUP_SEPARATOR: - _groups = list(filter(None, AUTH_LDAP_REQUIRE_GROUP.split(AUTH_LDAP_REQUIRE_GROUP_SEPARATOR))) - AUTH_LDAP_REQUIRE_GROUP = LDAPGroupQuery(_groups[0]) - for i in range(1, len(_groups)): - AUTH_LDAP_REQUIRE_GROUP |= LDAPGroupQuery(_groups[i]) - AUTH_LDAP_USER_FLAGS_BY_GROUP = { - "is_active": AUTH_LDAP_REQUIRE_GROUP, + "is_active": environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''), "is_staff": environ.get('AUTH_LDAP_IS_ADMIN_DN', ''), "is_superuser": environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '') }
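Review bot: After this revert `AUTH_LDAP_REQUIRE_GROUP_DN_SEPARATOR` is no longer read, so a deployment that still sets it with a delimited list gets the whole string used as one group DN, both in `AUTH_LDAP_REQUIRE_GROUP` and in `"is_active"`, and nothing says why it stopped matching. That presumably fails closed (no group matches, so LDAP logins are refused), but it is silent. A guard next to the `AUTH_LDAP_REQUIRE_GROUP` assignment would make the breakage obvious on start-up, e.g. `if environ.get('AUTH_LDAP_REQUIRE_GROUP_DN_SEPARATOR'): raise ValueError('AUTH_LDAP_REQUIRE_GROUP_DN_SEPARATOR is no longer supported; build the group query in extra.py')`. The `is_staff` and `is_superuser` mappings are also assigned only inside `if AUTH_LDAP_REQUIRE_GROUP is not None:`, so `AUTH_LDAP_IS_ADMIN_DN` and `AUTH_LDAP_IS_SUPERUSER_DN` have no effect when no required group is set. A comment above the `if` should state that dependency, e.g. `# The admin/superuser DNs are applied only when AUTH_LDAP_REQUIRE_GROUP_DN is set`.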