From 8aa516a20485c139f36cc55e10939ba972b48c0f Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Fri, 24 Feb 2012 15:17:48 -0500
Subject: [PATCH] When adding gids to the LDAP filter, only add the primary gid
 once. This is consistent with the space computation/allocation. From Eric
 Lakin

--HG--
branch : 1.8
---
 plugins/sudoers/ldap.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 04afd87bb..a46ba1519 100644
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -1166,6 +1166,8 @@ sudo_ldap_build_pass1(struct passwd *pw)
 	    (void) strlcat(buf, ")", sz);
 	}
 	for (i = 0; i < grlist->ngids; i++) {
+	    if (pw->pw_gid == grlist->gids[i])
+		continue;
 	    (void) snprintf(gidbuf, sizeof(gidbuf), "%u",
 		(unsigned int)grlist->gids[i]);
 	    (void) strlcat(buf, "(sudoUser=%#", sz);
-- 
2.50.1