LDAP: Make LDAP attribute mapping case-insensitive (grafana#58992)

markkrj · mgyongyosi · web-flow · commit 91582ba03d74 · 2022-11-22T13:47:53.000+01:00
* Make LDAP attribute mapping case-insensitive

* Add test case with attribute name different from schema's

* Add fix to getArrayAttribute also and add test with mismatched letter
case.

* Update pkg/services/ldap/helpers.go

Co-authored-by: Misi &lt;mgyongyosi@users.noreply.github.com&gt;
diff --git a/pkg/services/ldap/helpers.go b/pkg/services/ldap/helpers.go
@@ -34,7 +34,7 @@ func getAttribute(name string, entry *ldap.Entry) string {
 	}
 
 	for _, attr := range entry.Attributes {
-		if attr.Name == name {
+		if strings.EqualFold(attr.Name, name) {
 			if len(attr.Values) > 0 {
 				return attr.Values[0]
 			}
@@ -49,7 +49,7 @@ func getArrayAttribute(name string, entry *ldap.Entry) []string {
 	}
 
 	for _, attr := range entry.Attributes {
-		if attr.Name == name && len(attr.Values) > 0 {
+		if strings.EqualFold(attr.Name, name) && len(attr.Values) > 0 {
 			return attr.Values
 		}
 	}
diff --git a/pkg/services/ldap/ldap_helpers_test.go b/pkg/services/ldap/ldap_helpers_test.go
@@ -83,6 +83,20 @@ func TestGetAttribute(t *testing.T) {
 		assert.Equal(t, value, result)
 	})
 
+	t.Run("letter case mismatch", func(t *testing.T) {
+		value := "roelgerrits"
+		entry := &ldap.Entry{
+			Attributes: []*ldap.EntryAttribute{
+				{
+					Name: "sAMAccountName", Values: []string{value},
+				},
+			},
+		}
+
+		result := getAttribute("samaccountname", entry)
+		assert.Equal(t, value, result)
+	})
+
 	t.Run("no result", func(t *testing.T) {
 		value := []string{"roelgerrits"}
 		entry := &ldap.Entry{
@@ -124,6 +138,21 @@ func TestGetArrayAttribute(t *testing.T) {
 		assert.EqualValues(t, value, result)
 	})
 
+	t.Run("letter case mismatch", func(t *testing.T) {
+		value := []string{"CN=Administrators,CN=Builtin,DC=grafana,DC=org"}
+		entry := &ldap.Entry{
+			Attributes: []*ldap.EntryAttribute{
+				{
+					Name: "memberOf", Values: value,
+				},
+			},
+		}
+
+		result := getArrayAttribute("memberof", entry)
+
+		assert.EqualValues(t, value, result)
+	})
+
 	t.Run("no result", func(t *testing.T) {
 		value := []string{"roelgerrits"}
 		entry := &ldap.Entry{

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ func getAttribute(name string, entry *ldap.Entry) string {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`for _, attr := range entry.Attributes {`
`37`		`- if attr.Name == name {`
	`37`	`+ if strings.EqualFold(attr.Name, name) {`
`38`	`38`	`if len(attr.Values) > 0 {`
`39`	`39`	`return attr.Values[0]`
`40`	`40`	`}`
`@@ -49,7 +49,7 @@ func getArrayAttribute(name string, entry *ldap.Entry) []string {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`for _, attr := range entry.Attributes {`
`52`		`- if attr.Name == name && len(attr.Values) > 0 {`
	`52`	`+ if strings.EqualFold(attr.Name, name) && len(attr.Values) > 0 {`
`53`	`53`	`return attr.Values`
`54`	`54`	`}`
`55`	`55`	`}`