diff --git a/src/common/utils/ldap/ldap.go b/src/common/utils/ldap/ldap.go
index e4e820820..a3a351a1c 100644
--- a/src/common/utils/ldap/ldap.go
+++ b/src/common/utils/ldap/ldap.go
@@ -434,11 +434,11 @@ func (session *Session) searchGroup(groupDN, filter, gName, groupNameAttribute s
 
 // UnderBaseDN - check if the childDN is under the baseDN, if the baseDN equals current DN, return true
 func UnderBaseDN(baseDN, childDN string) (bool, error) {
-	base, err := goldap.ParseDN(baseDN)
+	base, err := goldap.ParseDN(strings.ToLower(baseDN))
 	if err != nil {
 		return false, err
 	}
-	child, err := goldap.ParseDN(childDN)
+	child, err := goldap.ParseDN(strings.ToLower(childDN))
 	if err != nil {
 		return false, err
 	}
diff --git a/src/common/utils/ldap/ldap_test.go b/src/common/utils/ldap/ldap_test.go
index e2cedc27c..032f06c84 100644
--- a/src/common/utils/ldap/ldap_test.go
+++ b/src/common/utils/ldap/ldap_test.go
@@ -615,6 +615,12 @@ func TestUnderBaseDN(t *testing.T) {
 			wantError: true,
 			want:      false,
 		},
+		{
+			name:      `should be case-insensitive`,
+			in:        args{"CN=Users,CN=harbor,DC=com", "cn=harbor_group_1,cn=users,cn=harbor,dc=com"},
+			wantError: false,
+			want:      true,
+		},
 	}
 	for _, tt := range cases {
 		t.Run(tt.name, func(t *testing.T) {