From ec23ddabc3af15fcf88d2554f645a9624bc67ecf Mon Sep 17 00:00:00 2001
From: stonezdj <stonezdj@gmail.com>
Date: Mon, 25 Oct 2021 11:20:40 +0800
Subject: [PATCH] Check empty ldap attributes value   fixes #11986

Signed-off-by: stonezdj <stonezdj@gmail.com>
---
 src/pkg/ldap/ldap.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/pkg/ldap/ldap.go b/src/pkg/ldap/ldap.go
index 058c958d5..4fa1e211a 100644
--- a/src/pkg/ldap/ldap.go
+++ b/src/pkg/ldap/ldap.go
@@ -154,6 +154,9 @@ func (s *Session) SearchUser(username string) ([]model.User, error) {
 		groupDNList := make([]string, 0)
 		groupAttr := strings.ToLower(s.groupCfg.MembershipAttribute)
 		for _, attr := range ldapEntry.Attributes {
+			if attr == nil || len(attr.Values) == 0 {
+				continue
+			}
 			// OpenLdap sometimes contain leading space in username
 			val := strings.TrimSpace(attr.Values[0])
 			log.Debugf("Current ldap entry attr name: %s\n", attr.Name)
@@ -374,7 +377,9 @@ func (s *Session) searchGroup(groupDN, filter, gName, groupNameAttribute string)
 		return ldapGroups, nil
 	}
 	groupName := ""
-	if len(result.Entries[0].Attributes) > 0 {
+	if len(result.Entries[0].Attributes) > 0 &&
+		result.Entries[0].Attributes[0] != nil &&
+		len(result.Entries[0].Attributes[0].Values) > 0 {
 		groupName = result.Entries[0].Attributes[0].Values[0]
 	} else {
 		groupName = groupDN