Default groupSearch.attributes.groupName to "dn" instead of "cn"

- DNs are more unique than CNs, so it feels like a safer default
2026-04-15 07:06:45 +00:00 · 2021-05-28 13:27:11 -07:00
parent a741041737
commit cedbe82bbb
19 changed files with 81 additions and 45 deletions
--- a/test/integration/ldap_client_test.go
+++ b/test/integration/ldap_client_test.go
@@ -243,6 +243,20 @@ func TestLDAPSearch(t *testing.T) {
 				}},
 			},
 		},
+		{
+			name:     "using the default group name attribute, which is dn",
+			username: "pinny",
+			password: pinnyPassword,
+			provider: upstreamldap.New(*providerConfig(func(p *upstreamldap.ProviderConfig) {
+				p.GroupSearch.GroupNameAttribute = ""
+			})),
+			wantAuthResponse: &authenticator.Response{
+				User: &user.DefaultInfo{Name: "pinny", UID: b64("1000"), Groups: []string{
+					"cn=ball-game-players,ou=beach-groups,ou=groups,dc=pinniped,dc=dev",
+					"cn=seals,ou=groups,dc=pinniped,dc=dev",
+				}},
+			},
+		},
 		{
 			name:     "using some other custom group name attribute",
 			username: "pinny",
@@ -675,8 +689,8 @@ func defaultProviderConfig(env *library.TestEnv, port string) *upstreamldap.Prov
 		},
 		GroupSearch: upstreamldap.GroupSearchConfig{
 			Base:               "ou=groups,dc=pinniped,dc=dev",
-			Filter:             "", // defaults to member={}
-			GroupNameAttribute: "", // defaults to cn
+			Filter:             "",   // defaults to member={}
+			GroupNameAttribute: "cn", // defaults to dn, but here we set it to cn
 		},
 	}
 }