From 4ccad4f207b2f15b1213f2e5ba4acc8166931d6f Mon Sep 17 00:00:00 2001
From: Jacob Floyd <cognifloyd@gmail.com>
Date: Tue, 22 Oct 2024 10:58:58 -0500
Subject: [PATCH] fmt

---
 st2auth_ldap/ldap_backend.py | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/st2auth_ldap/ldap_backend.py b/st2auth_ldap/ldap_backend.py
index 4b27587..103e215 100644
--- a/st2auth_ldap/ldap_backend.py
+++ b/st2auth_ldap/ldap_backend.py
@@ -397,7 +397,7 @@ def _verify_user_group_membership(
         in the config (and / or).
         """
         required_group_dns = self._group_dns
-        check_behavior = self._group_dns_check # default: "and"
+        check_behavior = self._group_dns_check  # default: "and"
         use_fqdns = self._group_dns_are_fqdns
 
         if check_behavior == 'and':
@@ -414,21 +414,19 @@ def _verify_user_group_membership(
         )
 
         if (
-            use_fqdns
-            and check_behavior == 'and'
-            and required_group_dns.issubset(norm_user_groups)
+            use_fqdns and
+            check_behavior == 'and' and
+            required_group_dns.issubset(user_group_dns)
         ) or (
-            use_fqdns
-            and check_behavior == 'or'
-            and required_group_dns.intersection(norm_user_groups)
+            use_fqdns and
+            check_behavior == 'or' and
+            required_group_dns.intersection(user_group_dns)
         ):
             # simple fully qualified DN(s) matched
             return True
         elif not use_fqdns:
-            user_group_rdns = {
-                (group_dn[0],) for group_dn in user_group_dns
-            }
-            #need to check each required DN for RDN
+            user_group_rdns = {(group_dn[0],) for group_dn in user_group_dns}
+            # need to check each required DN for RDN
             for group_dn in required_group_dns:
                 has_group = False
                 if len(group_dn) == 1: