From 0de3b59177a2273790ce98f45d6b197a0329b2cb Mon Sep 17 00:00:00 2001
From: Leonhard Oelke
Date: Wed, 22 May 2024 11:39:07 +0000
Subject: [PATCH] fix: Allow for lowercase token in ldap dn
Update the validation regex to allow for lowercase LDIF field names in the dn (e.g. CN=foo vs cn=foo). Minio recently changed behaviour by using case sensitive ldap queries. This makes it necessary to specify the distinguished name for user/group policy attachments exactly in the same case as the server.
---
 minio/resource_minio_iam_group.go | 2 +-
 minio/resource_minio_iam_group_test.go | 2 ++
 minio/resource_minio_iam_user.go | 2 +-
 minio/resource_minio_iam_user_test.go | 1 +
 4 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/minio/resource_minio_iam_group.go b/minio/resource_minio_iam_group.go
index 01d083bb..f8ba4da5 100644
--- a/minio/resource_minio_iam_group.go
+++ b/minio/resource_minio_iam_group.go
@@ -14,7 +14,7 @@ import (
 )
 var (
- LDAPGroupDistinguishedNamePattern = regexp.MustCompile(`^(?:((?:(?:CN|OU)=[^,]+,?)+),)+((?:DC=[^,]+,?)+)$`)
+ LDAPGroupDistinguishedNamePattern = regexp.MustCompile(`^(?:((?:(?:CN|cn|OU|ou)=[^,]+,?)+),)+((?:(?:DC|dc)=[^,]+,?)+)$`)
 StaticGroupNamePattern = regexp.MustCompile(`^[0-9A-Za-z=,.@\-_+]+$`)
 )
diff --git a/minio/resource_minio_iam_group_test.go b/minio/resource_minio_iam_group_test.go
index e267aa8a..9a03188b 100644
--- a/minio/resource_minio_iam_group_test.go
+++ b/minio/resource_minio_iam_group_test.go
@@ -22,6 +22,8 @@ func TestValidateMinioIamGroupName(t *testing.T) {
 "test.123,user",
 "testuser@minio",
 "test+user@minio.io",
+ "CN=ADMINS,OU=Groups,DC=gr-u,DC=it",
+ "cn=ADMINS,ou=Groups,dc=gr-u,dc=it",
 }
 for _, minioName := range minioValidNames {
diff --git a/minio/resource_minio_iam_user.go b/minio/resource_minio_iam_user.go
index 978ee97f..cf960825 100644
--- a/minio/resource_minio_iam_user.go
+++ b/minio/resource_minio_iam_user.go
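Review bot: In minio/resource_minio_iam_group.go, spelling out `CN|cn|OU|ou` and `DC|dc` still rejects mixed-case attribute types such as `Cn=` or `Ou=`, although LDAP attribute type names are case-insensitive, so a DN copied verbatim from a server that returns such casing would fail validation. A scoped case-insensitive group covers every spelling without touching the value part: `(?:(?i:CN|OU)=[^,]+,?)` and `(?:(?i:DC)=[^,]+,?)`. The same alternation appears in `LDAPUserDistinguishedNamePattern` in minio/resource_minio_iam_user.go. A one-line doc comment on the exported variable, stating that only the attribute type is matched in either case and the value is not normalised, would also help the next reader.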
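Review bot: In minio/resource_minio_iam_group_test.go, both added names consist only of characters that `StaticGroupNamePattern` (`^[0-9A-Za-z=,.@\-_+]+$`) already accepts, so if the validator under test accepts a name matching either pattern, these cases would pass without the regex change and do not pin the new lowercase branch. The validator body is outside the hunk, so this is inferred from the two patterns alone. A case containing a character outside the static class, for example a space as in `"cn=Domain Admins,ou=Groups,dc=gr-u,dc=it",` (constructed sample), or a direct assertion on `LDAPGroupDistinguishedNamePattern.MatchString`, would exercise the changed expression.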
@@ -15,7 +15,7 @@ import (
 )
 var (
- LDAPUserDistinguishedNamePattern = regexp.MustCompile(`^(?:(CN=([^,]*)),)+(?:((?:(?:CN|OU)=[^,]+,?)+),)+((?:DC=[^,]+,?)+)$`)
+ LDAPUserDistinguishedNamePattern = regexp.MustCompile(`^(?:((?:CN|cn)=([^,]*)),)+(?:((?:(?:CN|cn|OU|ou)=[^,]+,?)+),)+((?:(?:DC|dc)=[^,]+,?)+)$`)
 StaticUserNamePattern = regexp.MustCompile(`^[0-9A-Za-z=,.@\-_+]+$`)
 )
diff --git a/minio/resource_minio_iam_user_test.go b/minio/resource_minio_iam_user_test.go
index 172c162a..eeb7e292 100644
--- a/minio/resource_minio_iam_user_test.go
+++ b/minio/resource_minio_iam_user_test.go
@@ -27,6 +27,7 @@ func TestValidateMinioIamUserName(t *testing.T) {
 "testuser@minio",
 "test+user@minio.io",
 "CN=Backup Operators,CN=Builtin,DC=gr-u,DC=it",
+ "cn=Backup Operators,cn=Builtin,dc=gr-u,dc=it",
 "CN=View-Only Organization Management,OU=Microsoft Exchange Security Groups,DC=gr-u,DC=it",
 }
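Review bot: In minio/resource_minio_iam_user.go, the leading RDN of `LDAPUserDistinguishedNamePattern` still uses `[^,]*` while every other component uses `[^,]+`, so a name with an empty first value such as `cn=,ou=x,dc=y` (constructed sample) passes the pattern; the optional `,?` before `$` likewise lets a trailing comma through. The commit message says MinIO now matches the DN case-sensitively and exactly, so it seems preferable to reject malformed input at validation time rather than at policy attachment, for instance with `((?:CN|cn)=([^,]+))` as the first group. How the pattern and its capture groups are consumed is outside the hunk, so confirm that no caller relies on the empty match before tightening it.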