From e0f630157994f9970eab96c0c8c594b3ae0a6db6 Mon Sep 17 00:00:00 2001
From: Doug Goldstein
Date: Wed, 28 Sep 2022 12:23:16 -0500
Subject: [PATCH] allow LDAP mapping values to be lowercased (#348) Add the ability to lowercase values when creating label mappings from LDAP attributes. In the example the groups that the user is a member of could be mixed case which would make an ACL like: match: { account: "/.+/", name: "${labels:groups}/*" } Not possible. But with this change and the example applied it would be possible.
---
 auth_server/authn/ldap_auth.go | 6 ++++++
 examples/reference.yml | 2 ++
 2 files changed, 8 insertions(+)
diff --git a/auth_server/authn/ldap_auth.go b/auth_server/authn/ldap_auth.go
index 02194fa4..cc837cd9 100644
--- a/auth_server/authn/ldap_auth.go
+++ b/auth_server/authn/ldap_auth.go
@@ -32,6 +32,7 @@ import (
 type LabelMap struct {
 Attribute string `yaml:"attribute,omitempty"`
 ParseCN bool `yaml:"parse_cn,omitempty"`
+ LowerCase bool `yaml:"lower_case",omitempty"`
 }
 type LDAPAuthConfig struct {
@@ -299,6 +300,11 @@ func (la *LDAPAuth) getLabelsFromMap(attrMap map[string][]string) (map[string][]
 mappingValues[i] = cn
 }
 }
+ if mapping.LowerCase {
+ for i, value := range mappingValues {
+ mappingValues[i] = strings.ToLower(value)
+ }
+ }
 labels[key] = mappingValues
 }
 }
diff --git a/examples/reference.yml b/examples/reference.yml
index 96b6b0a5..b720d8a5 100644
--- a/examples/reference.yml
+++ b/examples/reference.yml
@@ -260,6 +260,8 @@ ldap_auth:
 attribute: memberOf
 # Special handling to simplify the values to just the common name
 parse_cn: true
+ # lower case the value
+ lower_case: true
 mongo_auth:
 # Essentially all options are described here: https://godoc.org/gopkg.in/mgo.v2#DialInfo
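Review bot: The struct tag on the new `LowerCase` field of `LabelMap` (auth_server/authn/ldap_auth.go, first hunk) is malformed: in `yaml:"lower_case",omitempty"` the quoted value closes right after `lower_case`, leaving `,omitempty"` outside it. The key will most likely still resolve to `lower_case`, because the conventional tag parser stops at the first closing quote, but the `omitempty` option is lost and `go vet`'s struct-tag check should reject the line. The tag should read `yaml:"lower_case,omitempty"`, in the same form as the `Attribute` and `ParseCN` fields above it. Since this option changes the labels that ACL matching sees, a unit test that loads a config with `lower_case: true` and asserts the field is set would pin the parsing.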
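Review bot: The new `if mapping.LowerCase` block in `getLabelsFromMap` (second hunk) carries no comment saying that case folding is lossy, which matters because the commit description shows these labels being substituted into ACL `match` rules. Directory values that differ only by case become one label, so enabling `lower_case` on an attribute with case-sensitive semantics widens what an ACL entry matches; I would add `// Case folding is lossy: values that differ only by case become the same label and match the same ACL entries.` above the `if`. The loop also overwrites `mappingValues` in place, as the `parse_cn` loop above it does. If that slice aliases an entry of `attrMap` (its assignment is outside the hunk, so this is an assumption), two label mappings that read the same attribute would see each other's rewrites, and copying the slice before modifying it would avoid that. The function body starts and ends outside this hunk.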