Add lower case user attribute keys configs

hashicorp · Mar 27, 2024 · d1fc2bd · d1fc2bd
1 parent 8254035
commit d1fc2bd
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 10 deletions.
diff --git a/ldap/client.go b/ldap/client.go
@@ -273,7 +273,11 @@ func (c *Client) Authenticate(ctx context.Context, username, password string, op
 			return nil, fmt.Errorf("%s: failed to get user attributes: %w", op, err)
 		}
 		for _, a := range attrs {
-			userAttrs[strings.ToLower(a.Name)] = a.Vals
+			name := a.Name
+			if c.conf.LowerUserAttributeKeys || opts.withLowerUserAttributeKeys {
+				name = strings.ToLower(a.Name)
+			}
+			userAttrs[name] = a.Vals
 		}
 	}
 	if !opts.withGroups && !c.conf.IncludeUserGroups {

diff --git a/ldap/config.go b/ldap/config.go
@@ -200,6 +200,11 @@ type ClientConfig struct {
 	// AD (unicodePwd) will always be excluded.
 	ExcludedUserAttributes []string
 
+	// LowerUserAttributeKeys optionally specifies that the authenticating user's
+	// DN and attributes be included in AuthResult use lowercase key names rather
+	// than the default camel case.
+	LowerUserAttributeKeys bool
+
 	// IncludeUserGroups optionally specifies that the authenticating user's
 	// group membership be included an authentication AuthResult.
 	IncludeUserGroups bool

diff --git a/ldap/options.go b/ldap/options.go
@@ -8,15 +8,16 @@ package ldap
 type Option func(interface{})
 
 type configOptions struct {
-	withURLs           []string
-	withInsecureTLS    bool
-	withTLSMinVersion  string
-	withTLSMaxVersion  string
-	withCertificates   []string
-	withClientTLSCert  string
-	withClientTLSKey   string
-	withGroups         bool
-	withUserAttributes bool
+	withURLs                   []string
+	withInsecureTLS            bool
+	withTLSMinVersion          string
+	withTLSMaxVersion          string
+	withCertificates           []string
+	withClientTLSCert          string
+	withClientTLSKey           string
+	withGroups                 bool
+	withUserAttributes         bool
+	withLowerUserAttributeKeys bool
 }
 
 func configDefaults() configOptions {
@@ -75,6 +76,18 @@ func WithUserAttributes() Option {
 	}
 }
 
+// WithLowerUserAttributeKeys returns a User Attribute map where the keys
+// are all cast to lower case. This is neccessary for some clients, such as Vault,
+// where user configured user attribute key names have always been stored lower case.
+func WithLowerUserAttributeKeys() Option {
+	return func(o interface{}) {
+		switch v := o.(type) {
+		case *configOptions:
+			v.withLowerUserAttributeKeys = true
+		}
+	}
+}
+
 func withTLSMinVersion(version string) Option {
 	return func(o interface{}) {
 		switch v := o.(type) {