From cdfe8161d4429bdfe879887fe0b563a67c14f50b Mon Sep 17 00:00:00 2001
From: Kyle Mendell <kmendell@ofkm.us>
Date: Sun, 23 Mar 2025 13:30:12 -0500
Subject: [PATCH] fix: skip ldap objects without a valid unique id (#376)

Co-authored-by: Elias Schneider <login@eliasschneider.com>
---
 backend/internal/service/ldap_service.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/backend/internal/service/ldap_service.go b/backend/internal/service/ldap_service.go
index b92a02bc..20cd8a70 100644
--- a/backend/internal/service/ldap_service.go
+++ b/backend/internal/service/ldap_service.go
@@ -98,6 +98,13 @@ func (s *LdapService) SyncGroups() error {
 		var membersUserId []string
 
 		ldapId := value.GetAttributeValue(uniqueIdentifierAttribute)
+
+		// Skip groups without a valid LDAP ID
+		if ldapId == "" {
+			log.Printf("Skipping LDAP group without a valid unique identifier (attribute: %s)", uniqueIdentifierAttribute)
+			continue
+		}
+
 		ldapGroupIDs[ldapId] = true
 
 		// Try to find the group in the database
@@ -216,6 +223,13 @@ func (s *LdapService) SyncUsers() error {
 
 	for _, value := range result.Entries {
 		ldapId := value.GetAttributeValue(uniqueIdentifierAttribute)
+
+		// Skip users without a valid LDAP ID
+		if ldapId == "" {
+			log.Printf("Skipping LDAP user without a valid unique identifier (attribute: %s)", uniqueIdentifierAttribute)
+			continue
+		}
+
 		ldapUserIDs[ldapId] = true
 
 		// Get the user from the database