From ca245d3545941b6afbf7544740f71b1a5e3bda09 Mon Sep 17 00:00:00 2001
From: stonezdj <stonezdj@gmail.com>
Date: Fri, 27 Nov 2020 10:30:19 +0800
Subject: [PATCH] Lowercase the LDAP DN in UnderBaseDN Fixes #13362: Unable to
 add LDAP group with different letter case in DN

Signed-off-by: stonezdj <stonezdj@gmail.com>
---
 src/common/utils/ldap/ldap.go      | 4 ++--
 src/common/utils/ldap/ldap_test.go | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/common/utils/ldap/ldap.go b/src/common/utils/ldap/ldap.go
index ca0ade095..a62ecfa3a 100644
--- a/src/common/utils/ldap/ldap.go
+++ b/src/common/utils/ldap/ldap.go
@@ -434,11 +434,11 @@ func (session *Session) searchGroup(groupDN, filter, gName, groupNameAttribute s
 
 // UnderBaseDN - check if the childDN is under the baseDN, if the baseDN equals current DN, return true
 func UnderBaseDN(baseDN, childDN string) (bool, error) {
-	base, err := goldap.ParseDN(baseDN)
+	base, err := goldap.ParseDN(strings.ToLower(baseDN))
 	if err != nil {
 		return false, err
 	}
-	child, err := goldap.ParseDN(childDN)
+	child, err := goldap.ParseDN(strings.ToLower(childDN))
 	if err != nil {
 		return false, err
 	}
diff --git a/src/common/utils/ldap/ldap_test.go b/src/common/utils/ldap/ldap_test.go
index 2fa66760d..f9151ce8a 100644
--- a/src/common/utils/ldap/ldap_test.go
+++ b/src/common/utils/ldap/ldap_test.go
@@ -517,6 +517,12 @@ func TestUnderBaseDN(t *testing.T) {
 			wantError: true,
 			want:      false,
 		},
+		{
+			name:      `should be case-insensitive`,
+			in:        args{"CN=Users,CN=harbor,DC=com", "cn=harbor_group_1,cn=users,cn=harbor,dc=com"},
+			wantError: false,
+			want:      true,
+		},
 	}
 	for _, tt := range cases {
 		t.Run(tt.name, func(t *testing.T) {