From 3ae0001bb59d84030ac2ce95a04c165da439d1aa Mon Sep 17 00:00:00 2001
From: "gcp-cherry-pick-bot[bot]"
 <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Date: Fri, 15 Nov 2024 13:52:39 +0100
Subject: [PATCH] providers/ldap: fix global search_full_directory permission
 not being sufficient (cherry-pick #12028) (#12030)

providers/ldap: fix global search_full_directory permission not being sufficient (#12028)

* providers/ldap: fix global search_full_directory permission not being sufficient



* use full name of permission



---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
---
 authentik/providers/ldap/api.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/authentik/providers/ldap/api.py b/authentik/providers/ldap/api.py
index d5eed6cdf5e9..93b66eeea053 100644
--- a/authentik/providers/ldap/api.py
+++ b/authentik/providers/ldap/api.py
@@ -159,7 +159,10 @@ def check_access(self, request: Request, pk) -> Response:
         access_response = PolicyResult(result.passing)
         response = self.LDAPCheckAccessSerializer(
             instance={
-                "has_search_permission": request.user.has_perm("search_full_directory", provider),
+                "has_search_permission": (
+                    request.user.has_perm("search_full_directory", provider)
+                    or request.user.has_perm("authentik_providers_ldap.search_full_directory")
+                ),
                 "access": access_response,
             }
         )