Add config option :bothcase_name

config/sample-config2.yaml

@@ -25,6 +25,8 @@ ldap_users:
   name_attribute: sAMAccountName
   # lowercase name for use as PG role name
   lowercase_name: true
+  # Add lowercase name *and* original name for use as PG role names (useful for migrating between case types)
+  bothcase_name: false
 
 # Search parameters for LDAP groups which should be synchronized
 ldap_groups:

config/schema.yaml

@@ -20,6 +20,9 @@ mapping:
       "lowercase_name":
         type: bool
         required:  no
+      "bothcase_name":
+        type: bool
+        required:  no
 
   "ldap_groups":
     type: map
@@ -37,6 +40,9 @@ mapping:
       "lowercase_name":
         type: bool
         required:  no
+      "bothcase_name":
+        type: bool
+        required:  no
       "member_attribute":
         type: str
         required:  yes

lib/pg_ldap_sync/application.rb

@@ -61,11 +61,19 @@ class Application
         log.warn "user attribute #{ldap_user_conf[:name_attribute].inspect} not defined for #{entry.dn}"
         next
       end
-      name.downcase! if ldap_user_conf[:lowercase_name]
-
       log.info "found user-dn: #{entry.dn}"
-      user = LdapRole.new name, entry.dn
+
-      users << user
+      names = if ldap_user_conf[:bothcase_name]
+        [name, name.downcase].uniq
+      elsif ldap_user_conf[:lowercase_name]
+        [name.downcase]
+      else
+        [name]
+      end
+
+      names.each do |n|
+        users << LdapRole.new(n, entry.dn)
+      end
       entry.each do |attribute, values|
         log.debug "   #{attribute}:"
         values.each do |value|
@@ -88,11 +96,19 @@ class Application
         log.warn "user attribute #{ldap_group_conf[:name_attribute].inspect} not defined for #{entry.dn}"
         next
       end
-      name.downcase! if ldap_group_conf[:lowercase_name]
-
       log.info "found group-dn: #{entry.dn}"
-      group = LdapRole.new name, entry.dn, entry[ldap_group_conf[:member_attribute]]
+
-      groups << group
+      names = if ldap_group_conf[:bothcase_name]
+        [name, name.downcase].uniq
+      elsif ldap_group_conf[:lowercase_name]
+        [name.downcase]
+      else
+        [name]
+      end
+
+      names.each do |n|
+        groups << LdapRole.new(n, entry.dn, entry[ldap_group_conf[:member_attribute]])
+      end
       entry.each do |attribute, values|
         log.debug "   #{attribute}:"
         values.each do |value|

test/fixtures/config-ldapdb-bothcase.yaml

@@ -0,0 +1,34 @@
+---
+ldap_connection:
+  host: localhost
+  port: 1389
+
+ldap_users:
+  base: dc=example,dc=com
+  filter: (sAMAccountName=*)
+  name_attribute: sAMAccountName
+  bothcase_name: true
+
+ldap_groups:
+  base: dc=example,dc=com
+  filter: (member=*)
+  name_attribute: cn
+  bothcase_name: true
+  member_attribute: member
+
+pg_connection:
+  dbname: postgres
+  host: localhost
+  port: 54321
+# needed for postgres-pr:
+#   user: insert_your_username_here
+#   password:
+
+pg_users:
+  filter: rolcanlogin AND NOT rolsuper AND rolname!='double_user'
+  create_options: LOGIN
+
+pg_groups:
+  filter: NOT rolcanlogin
+  create_options: NOLOGIN
+  grant_options:

test/fixtures/ldapdb.yaml

@@ -11,14 +11,14 @@ cn=Fred Flintstone,dc=example,dc=com:
   sn:
   - Flintstone
   sAMAccountName:
-  - fred
+  - Fred
 cn=Wilma Flintstone,dc=example,dc=com:
   cn:
   - Wilma Flintstone
   mail:
   - wilma@bedrock.org
   sAMAccountName:
-  - wilma
+  - Wilma
 cn=Flintstones,dc=example,dc=com:
   cn:
   - Flintstones

test/test_pg_ldap_sync.rb

@@ -83,7 +83,7 @@ class TestPgLdapSync < Minitest::Test
   end
 
   def setup
-    @pgconn.exec "DROP ROLE IF EXISTS fred, wilma, \"Flintstones\", \"Wilmas\", \"All Users\", double_user"
+    @pgconn.exec "DROP ROLE IF EXISTS \"Fred\", fred, \"Wilma\", wilma, \"Flintstones\", \"flintstones\", \"Wilmas\", \"wilmas\", \"All Users\", double_user"
   end
 
   def assert_role(role_name, attrs, member_of=[])
@@ -130,12 +130,12 @@ class TestPgLdapSync < Minitest::Test
     sync_with_config(config)
   end
 
-  def sync_change
+  def sync_change(fixture: "ldapdb", config: "config-ldapdb")
-    sync_to_fixture
+    sync_to_fixture(fixture: fixture, config: config)
 
     yield(@directory)
 
-    sync_with_config
+    sync_with_config(config)
     exec_psql_du if $DEBUG
   end
 
@@ -153,8 +153,8 @@ class TestPgLdapSync < Minitest::Test
     assert_role('All Users', 'Cannot login')
     assert_role('Flintstones', 'Cannot login')
     assert_role('Wilmas', 'Cannot login', ['All Users'])
-    assert_role('fred', '', ['All Users', 'Flintstones'])
+    assert_role('Fred', '', ['All Users', 'Flintstones'])
-    assert_role('wilma', '', ['Flintstones', 'Wilmas'])
+    assert_role('Wilma', '', ['Flintstones', 'Wilmas'])
   end
 
   def test_add_membership
@@ -162,7 +162,15 @@ class TestPgLdapSync < Minitest::Test
       # add 'Fred' to 'Wilmas'
       @directory[0]['cn=Wilmas,dc=example,dc=com']['member'] << 'cn=Fred Flintstone,dc=example,dc=com'
     end
-    assert_role('fred', '', ['All Users', 'Flintstones', 'Wilmas'])
+    assert_role('Fred', '', ['All Users', 'Flintstones', 'Wilmas'])
+  end
+
+  def test_add_membership_bothcase
+    sync_change(config: "config-ldapdb-bothcase") do |dir|
+      # add 'Fred' to 'Wilmas'
+      @directory[0]['cn=Wilmas,dc=example,dc=com']['member'] << 'cn=Fred Flintstone,dc=example,dc=com'
+    end
+    assert_role('fred', '', ['All Users', 'all users', 'Flintstones', 'flintstones', 'Wilmas', 'wilmas'])
   end
 
   def test_revoke_membership
@@ -170,7 +178,7 @@ class TestPgLdapSync < Minitest::Test
       # revoke membership of 'wilma' to 'Flintstones'
       dir[0]['cn=Flintstones,dc=example,dc=com']['member'].pop
     end
-    assert_role('wilma', '', ['Wilmas'])
+    assert_role('Wilma', '', ['Wilmas'])
   end
 
   def test_rename_role
@@ -179,6 +187,7 @@ class TestPgLdapSync < Minitest::Test
       dir[0]['cn=Wilma Flintstone,dc=example,dc=com']['sAMAccountName'] = ['Wilma Flintstone']
     end
     refute_role('wilma')
+    refute_role('Wilma')
     assert_role('Wilma Flintstone', '', ['Flintstones', 'Wilmas'])
   end