From 0b577eee05165634e2d8ac0422df98d3c3d55ae4 Mon Sep 17 00:00:00 2001
From: "Jens L." <jens@goauthentik.io>
Date: Thu, 14 Nov 2024 18:45:40 +0000
Subject: [PATCH] providers/ldap: fix global search_full_directory permission
 not being sufficient (#12028)

* providers/ldap: fix global search_full_directory permission not being sufficient

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use full name of permission

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/providers/ldap/api.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/authentik/providers/ldap/api.py b/authentik/providers/ldap/api.py
index d5eed6cdf5e9..93b66eeea053 100644
--- a/authentik/providers/ldap/api.py
+++ b/authentik/providers/ldap/api.py
@@ -159,7 +159,10 @@ def check_access(self, request: Request, pk) -> Response:
         access_response = PolicyResult(result.passing)
         response = self.LDAPCheckAccessSerializer(
             instance={
-                "has_search_permission": request.user.has_perm("search_full_directory", provider),
+                "has_search_permission": (
+                    request.user.has_perm("search_full_directory", provider)
+                    or request.user.has_perm("authentik_providers_ldap.search_full_directory")
+                ),
                 "access": access_response,
             }
         )