From 92f18b196f090d8a518a97ceacaa81705ee38b86 Mon Sep 17 00:00:00 2001
From: Ben Gollmer <jatoben@github.com>
Date: Fri, 8 May 2015 23:56:07 +0200
Subject: [PATCH] Compare AD DNs case-insensitively when checking group
 membership

---
 .../ldap/membership_validators/active_directory.rb       | 3 ++-
 test/membership_validators/active_directory_test.rb      | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/github/ldap/membership_validators/active_directory.rb b/lib/github/ldap/membership_validators/active_directory.rb
index 0c531c4..69b9bc8 100644
--- a/lib/github/ldap/membership_validators/active_directory.rb
+++ b/lib/github/ldap/membership_validators/active_directory.rb
@@ -31,7 +31,8 @@ module GitHub
             attributes: ATTRS
 
           # membership validated if entry was matched and returned as a result
-          matched.map(&:dn).include?(entry.dn)
+          # Active Directory DNs are case-insensitive
+          matched.map { |m| m.dn.downcase }.include?(entry.dn.downcase)
         end
 
         # Internal: Constructs a membership filter using the "in chain"
diff --git a/test/membership_validators/active_directory_test.rb b/test/membership_validators/active_directory_test.rb
index 0caafe2..956fbc5 100644
--- a/test/membership_validators/active_directory_test.rb
+++ b/test/membership_validators/active_directory_test.rb
@@ -123,4 +123,13 @@ class GitHubLdapActiveDirectoryMembershipValidatorsIntegrationTest < GitHub::Lda
     validator = make_validator(%w(posix-group1))
     assert validator.perform(@entry)
   end
+
+  def test_validates_user_in_group_with_differently_cased_dn
+    validator = make_validator(%w(all-users))
+    @entry[:dn].map(&:upcase!)
+    assert validator.perform(@entry)
+
+    @entry[:dn].map(&:downcase!)
+    assert validator.perform(@entry)
+  end
 end