outposts/ldap: fix searches with mixed casing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-12-09 20:55:51 +01:00
parent b472dcb7e7
commit 63a19a1381


@ -3,6 +3,7 @@ package ldap
import ( import (
"errors" "errors"
"net" "net"
"strings"
"github.com/getsentry/sentry-go" "github.com/getsentry/sentry-go"
goldap "github.com/go-ldap/ldap/v3" goldap "github.com/go-ldap/ldap/v3"
@ -41,13 +42,13 @@ func (ls *LDAPServer) Search(bindDN string, searchReq ldap.SearchRequest, conn n
if searchReq.BaseDN == "" { if searchReq.BaseDN == "" {
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultSuccess}, nil return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultSuccess}, nil
} }
bd, err := goldap.ParseDN(searchReq.BaseDN) bd, err := goldap.ParseDN(strings.ToLower(searchReq.BaseDN))
if err != nil { if err != nil {
req.Log().WithError(err).Info("failed to parse basedn") req.Log().WithError(err).Info("failed to parse basedn")
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, errors.New("invalid DN") return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, errors.New("invalid DN")
} }
for _, provider := range ls.providers { for _, provider := range ls.providers {
providerBase, _ := goldap.ParseDN(provider.BaseDN) providerBase, _ := goldap.ParseDN(strings.ToLower(provider.BaseDN))
if providerBase.AncestorOf(bd) || providerBase.Equal(bd) { if providerBase.AncestorOf(bd) || providerBase.Equal(bd) {
return provider.searcher.Search(req) return provider.searcher.Search(req)
} }
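Review bot: The error from `goldap.ParseDN(strings.ToLower(provider.BaseDN))` in the provider loop is still discarded, so a provider whose BaseDN fails to parse leaves `providerBase` nil and the `providerBase.AncestorOf(bd)` call on the next line would dereference it for every search that reaches the loop. Handling it the same way as the request DN above, e.g. `if err != nil { req.Log().WithError(err).Info("failed to parse provider basedn"); continue }`, keeps one malformed provider from breaking search routing for the others. Separately, `strings.ToLower` on the whole DN string also folds attribute values, not just attribute types; if the vendored go-ldap version has `EqualFold` and `AncestorOfFold` on `*DN`, using them would give case-insensitive matching without rewriting the input. The body of `Search` starts and ends outside this hunk, so whether `req` carries the original or the lowered base DN to `provider.searcher.Search(req)` cannot be checked from here.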