Commit e1b9d361 by Tomasz Torcz Committed by Torkel Ödegaard

case-insensitive LDAP group comparison (#9926)

* ldap: case-insensitive LDAP group comparison

According to RFC2251 4.1.5, LDAP strings are case-insensitive. Disregard case when comparing group mappings.

* ldap: add test for case-insensitive group mapping
parent 3d9ea3f1
......@@ -53,6 +53,20 @@ func TestLdapAuther(t *testing.T) {
So(result, ShouldEqual, user1)
})
ldapAutherScenario("Given group match with different case", func(sc *scenarioContext) {
ldapAuther := NewLdapAuthenticator(&LdapServerConf{
LdapGroups: []*LdapGroupToOrgRole{
{GroupDN: "cn=users", OrgRole: "Admin"},
},
})
sc.userQueryReturns(user1)
result, err := ldapAuther.GetGrafanaUserFor(&LdapUserInfo{MemberOf: []string{"CN=users"}})
So(err, ShouldBeNil)
So(result, ShouldEqual, user1)
})
ldapAutherScenario("Given no existing grafana user", func(sc *scenarioContext) {
ldapAuther := NewLdapAuthenticator(&LdapServerConf{
LdapGroups: []*LdapGroupToOrgRole{
......
package login
import (
"strings"
)
type LdapUserInfo struct {
DN string
FirstName string
......@@ -15,7 +19,7 @@ func (u *LdapUserInfo) isMemberOf(group string) bool {
}
for _, member := range u.MemberOf {
if member == group {
if strings.EqualFold(member, group) {
return true
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment