App cache: Match attribute case-insensitively

Working on #22
privacyidea · Jun 29, 2017 · cc0dd59 · cc0dd59
1 parent a25ab69
commit cc0dd59
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/pi_ldapproxy/realmmapping.py b/pi_ldapproxy/realmmapping.py
@@ -13,8 +13,8 @@ def find_app_marker(filter, attribute='objectclass', value_prefix='App-'):
     e.g. (objectclass=App-ownCloud).
     It may be nested in &() and |() expressions.
     :param filter: ldaptor filter
-    :param attribute: attribute name whose value contains the app marker
-    :param value_prefix: prefix of the app marker
+    :param attribute: attribute name whose value contains the app marker (matched case-insensitively)
+    :param value_prefix: prefix of the app marker (matched case-sensitively)
     :return: None or an app marker (a string)
     """
     if isinstance(filter, LDAPFilter_and) or isinstance(filter, LDAPFilter_or):
@@ -25,7 +25,7 @@ def find_app_marker(filter, attribute='objectclass', value_prefix='App-'):
                 return app_marker
     elif isinstance(filter, LDAPFilter_equalityMatch):
         # check attribute name and value prefix
-        if filter.attributeDesc.value == attribute:
+        if filter.attributeDesc.value.lower() == attribute.lower():
             value = filter.assertionValue.value
             if value.startswith(value_prefix):
                 return value[len(value_prefix):]

diff --git a/pi_ldapproxy/test/test_proxy_app_cache.py b/pi_ldapproxy/test/test_proxy_app_cache.py
@@ -56,7 +56,7 @@ def _test_realm_mapping(self, marker, realm, password):
         )
         # Perform a simple search in the context of the service account
         entry = LDAPEntry(client, dn)
-        r = yield entry.search('(|(objectClass=*)(objectclass=App-%s))' % marker, scope=pureldap.LDAP_SCOPE_baseObject)
+        r = yield entry.search('(|(objectClass=*)(objectcLAsS=App-%s))' % marker, scope=pureldap.LDAP_SCOPE_baseObject)
         # sleep half a second and then try to bind as hugo
         time.sleep(0.5)
         yield client.bind(dn, password)

diff --git a/pi_ldapproxy/test/test_realmmapping.py b/pi_ldapproxy/test/test_realmmapping.py
@@ -33,7 +33,7 @@ def test_detect_login_preamble(self):
 
         self.assertIsNone(detect_login_preamble(request, pureldap.LDAPSearchResultDone(0)))
 
-        filter = parseFilter('(&(|(objectclass=person)(someAttribute=Foo-someApp))(cn=user123))')
+        filter = parseFilter('(&(|(objectclass=person)(someATTRIBuTE=Foo-someApp))(cn=user123))')
         request = pureldap.LDAPSearchRequest(baseObject='cn=users,dc=test,dc=local',
                                              scope=pureldap.LDAP_SCOPE_wholeSubtree, derefAliases=0,
                                              sizeLimit=0, timeLimit=0, typesOnly=0,