---
--- Patch against security/pam_ldap 1.8.6
---
--- pam_ldap.c.orig	2012-03-20 00:00:31.000000000 +1100
+++ pam_ldap.c	2012-03-20 00:01:12.000000000 +1100
@@ -4144,7 +4144,7 @@
     {
       rc = ldap_compare_s (session->ld,
 			   session->conf->groupdn,
-			   session->conf->groupattr, session->info->userdn);
+			   session->conf->groupattr, session->info->username);
       if (rc != LDAP_COMPARE_TRUE)
 	{
 	  snprintf (buf, sizeof buf, "You must be a %s of %s to login.",