allow LDAP mapping values to be lowercased (#348)

Add the ability to lowercase values when creating label mappings from LDAP attributes. In the example the groups that the user is a member of could be mixed case which would make an ACL like: match: { account: "/.+/", name: "${labels:groups}/*" } Not possible. But with this change and the example applied it would be possible.
cesanta · Sep 28, 2022 · e0f6301 · e0f6301
1 parent 1111a3e
commit e0f6301
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/auth_server/authn/ldap_auth.go b/auth_server/authn/ldap_auth.go
@@ -32,6 +32,7 @@ import (
 type LabelMap struct {
 	Attribute string `yaml:"attribute,omitempty"`
 	ParseCN   bool   `yaml:"parse_cn,omitempty"`
+	LowerCase bool   `yaml:"lower_case",omitempty"`
 }
 
 type LDAPAuthConfig struct {
@@ -299,6 +300,11 @@ func (la *LDAPAuth) getLabelsFromMap(attrMap map[string][]string) (map[string][]
 					mappingValues[i] = cn
 				}
 			}
+			if mapping.LowerCase {
+				for i, value := range mappingValues {
+					mappingValues[i] = strings.ToLower(value)
+				}
+			}
 			labels[key] = mappingValues
 		}
 	}

diff --git a/examples/reference.yml b/examples/reference.yml
@@ -260,6 +260,8 @@ ldap_auth:
       attribute: memberOf
       # Special handling to simplify the values to just the common name
       parse_cn: true
+      # lower case the value
+      lower_case: true
 
 mongo_auth:
   # Essentially all options are described here: https://godoc.org/gopkg.in/mgo.v2#DialInfo