diff --git a/app/models.py b/app/models.py
index 4053ca8..116053f 100644
--- a/app/models.py
+++ b/app/models.py
@@ -249,7 +249,13 @@ class User(db.Model):
return False
elif LDAP_TYPE == 'ad':
user_ldap_groups = []
- for group in [g.decode("utf-8") for g in ldap_result[0][0][1]['memberOf']]:
+ user_ad_member_of = ldap_result[0][0][1].get('memberOf')
+
+ if not user_ad_member_of:
+ logging.error('User {0} does not belong to any group while LDAP_GROUP_SECURITY_ENABLED is ON'.format(self.username))
+ return False
+
+ for group in [g.decode("utf-8") for g in user_ad_member_of]:
user_ldap_groups += self.ad_recursive_groups( group )
if (LDAP_ADMIN_GROUP in user_ldap_groups):
diff --git a/app/templates/admin_setting_authentication.html b/app/templates/admin_setting_authentication.html
index 3becf6e..8bb629b 100644
--- a/app/templates/admin_setting_authentication.html
+++ b/app/templates/admin_setting_authentication.html
@@ -216,7 +216,7 @@
Basic filter - The filter that will be applied to all LDAP query by PDA. (e.g. (objectClass=inetorgperson) for OpenLDAP and (objectClass=organizationalPerson) for Active Directory)
- Username field - The field PDA will look for user's username. (e.g. uid for OpenLDAP and sAMAccountName or userPrincipalName for Active Directory)
+ Username field - The field PDA will look for user's username. (e.g. uid for OpenLDAP and sAMAccountName for Active Directory)