From 183a310fc0cd913d22a5c868e95add2c70345522 Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Tue, 26 Apr 2022 11:23:58 +0200
Subject: [PATCH] WIP: ldap_authentication.sh common name case-insensitive

---
 misc/pam_authentication/ldap_authentication.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/misc/pam_authentication/ldap_authentication.sh b/misc/pam_authentication/ldap_authentication.sh
index 052458cf..e58b5caa 100755
--- a/misc/pam_authentication/ldap_authentication.sh
+++ b/misc/pam_authentication/ldap_authentication.sh
@@ -38,7 +38,10 @@ WHO_AM_I_PATTERN="${WHO_AM_I_PATTERN:-"dn:cn=\${USER_NAME},\${USER_BASE}"}"
 # If the second argument is empty or "-", take password from stdin, else use the argument as a file.
 testpw() {
     local USER_NAME bind_dn who_am_i pwfile pwargs result
-    USER_NAME="$1"
+
+    # cn is case-insensitive https://ldapwiki.com/wiki/Distinguished%20Name%20Case%20Sensitivity
+    USER_NAME="$(echo "$1" | tr '[:upper:]' '[:lower:]')"
+
     bind_dn="$(eval "echo \"$BIND_DN_PATTERN\"")"
     who_am_i="$(eval "echo \"$WHO_AM_I_PATTERN\"")"
 
-- 
GitLab