case-insensitive LDAP group comparison (#9926)

* ldap: case-insensitive LDAP group comparison According to RFC2251 4.1.5, LDAP strings are case-insensitive. Disregard case when comparing group mappings. * ldap: add test for case-insensitive group mapping

case-insensitive LDAP group comparison (#9926)
* ldap: case-insensitive LDAP group comparison According to RFC2251 4.1.5, LDAP strings are case-insensitive. Disregard case when comparing group mappings. * ldap: add test for case-insensitive group mapping
e1b9d361 · Tomasz Torcz · Torkel Ödegaard · 3d9ea3f1 · e1b9d361 · e1b9d361
Commit e1b9d361 authored May 08, 2018 by Tomasz Torcz Committed by Torkel Ödegaard May 08, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 1 deletions

pkg/login/ldap_test.go
+14 -0

pkg/login/ldap_user.go
+5 -1

No files found.
--- a/pkg/login/ldap_test.go
+++ b/pkg/login/ldap_test.go
@@ -53,6 +53,20 @@ func TestLdapAuther(t *testing.T) {
 			So(result, ShouldEqual, user1)
 		})
+		ldapAutherScenario("Given group match with different case", func(sc *scenarioContext) {
+			ldapAuther := NewLdapAuthenticator(&LdapServerConf{
+				LdapGroups: []*LdapGroupToOrgRole{
+					{GroupDN: "cn=users", OrgRole: "Admin"},
+				},
+			})
+			sc.userQueryReturns(user1)
+			result, err := ldapAuther.GetGrafanaUserFor(&LdapUserInfo{MemberOf: []string{"CN=users"}})
+			So(err, ShouldBeNil)
+			So(result, ShouldEqual, user1)
+		})
 		ldapAutherScenario("Given no existing grafana user", func(sc *scenarioContext) {
 			ldapAuther := NewLdapAuthenticator(&LdapServerConf{
 				LdapGroups: []*LdapGroupToOrgRole{

--- a/pkg/login/ldap_user.go
+++ b/pkg/login/ldap_user.go
 package login
+import (
+	"strings"
+)
 type LdapUserInfo struct {
 	DN        string
 	FirstName string
@@ -15,7 +19,7 @@ func (u *LdapUserInfo) isMemberOf(group string) bool {
 	}
 	for _, member := range u.MemberOf {
-		if member == group {
+		if strings.EqualFold(member, group) {
 			return true
 		}
 	}