From 583df47c2f1a4b496132c1919e9ac3ee6c63640c Mon Sep 17 00:00:00 2001
From: Dan Cech <dan@aussiedan.com>
Date: Tue, 26 Jun 2018 09:14:55 +0200
Subject: [PATCH] handle "dn" ldap attribute more gracefully (#12385)

* handle "dn" ldap attribute more gracefully

* use strings.ToLower
---
 pkg/login/ldap.go | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/pkg/login/ldap.go b/pkg/login/ldap.go
index 2f25b453a17..026a94fa43e 100644
--- a/pkg/login/ldap.go
+++ b/pkg/login/ldap.go
@@ -308,9 +308,6 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
 			} else {
 				filter_replace = getLdapAttr(a.server.GroupSearchFilterUserAttribute, searchResult)
 			}
-			if a.server.GroupSearchFilterUserAttribute == "dn" {
-				filter_replace = searchResult.Entries[0].DN
-			}
 
 			filter := strings.Replace(a.server.GroupSearchFilter, "%s", ldap.EscapeFilter(filter_replace), -1)
 
@@ -334,11 +331,7 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
 
 			if len(groupSearchResult.Entries) > 0 {
 				for i := range groupSearchResult.Entries {
-					if a.server.Attr.MemberOf == "dn" {
-						memberOf = append(memberOf, groupSearchResult.Entries[i].DN)
-					} else {
-						memberOf = append(memberOf, getLdapAttrN(a.server.Attr.MemberOf, groupSearchResult, i))
-					}
+					memberOf = append(memberOf, getLdapAttrN(a.server.Attr.MemberOf, groupSearchResult, i))
 				}
 				break
 			}
@@ -356,7 +349,7 @@ func (a *ldapAuther) searchForUser(username string) (*LdapUserInfo, error) {
 }
 
 func getLdapAttrN(name string, result *ldap.SearchResult, n int) string {
-	if name == "DN" {
+	if strings.ToLower(name) == "dn" {
 		return result.Entries[n].DN
 	}
 	for _, attr := range result.Entries[n].Attributes {