From d8df05bce4d6e6abdc2c5ab7ca94e7a86a9f2cf3 Mon Sep 17 00:00:00 2001
From: Sean Houghton
Date: Thu, 7 Oct 2021 15:46:00 -0700
Subject: [PATCH] ldap: remove escape characters from search DN

Names in "last, first" format end up with a backslash escape character which breaks searches
---
 internal/ldapclient/ldapclient.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/ldapclient/ldapclient.go b/internal/ldapclient/ldapclient.go
index 900e93b..fdfcbf1 100644
--- a/internal/ldapclient/ldapclient.go
+++ b/internal/ldapclient/ldapclient.go
@@ -180,7 +180,8 @@ func (cli *Client) FindOIDCClaims(ctx context.Context, username string) (map[str
 
  // User's roles is stored in LDAP as groups. We find all groups in a role's DN
  // that include the user as a member.
- entries, err := cn.SearchUserRoles(fmt.Sprintf("%s", details["dn"]), "dn", cli.RoleAttr)
+ sanitizedDN := strings.Replace(fmt.Sprintf("%s", details["dn"]), "\\", "", -1)
+ entries, err := cn.SearchUserRoles(sanitizedDN, "dn", cli.RoleAttr)
  if err != nil {
  return nil, err
  }
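Review bot: Deleting every backslash from `details["dn"]` on the new `sanitizedDN` line changes the DN rather than encoding it for the search. A value such as `CN=Smith\, John,OU=...` becomes a different, ambiguous DN, hex escapes like `\2C` turn into literal text, and `(`, `)` and `*` still pass through unescaped. `SearchUserRoles` is not visible in this hunk, but if it interpolates this value into a search filter, the result decides which roles end up in the OIDC claims, so the value should be filter-escaped instead of stripped. With go-ldap that would be `entries, err := cn.SearchUserRoles(ldap.EscapeFilter(fmt.Sprintf("%s", details["dn"])), "dn", cli.RoleAttr)`, which turns `\` into `\5c` and keeps the DN intact. It would also help to add a comment such as `// DN is escaped for filter context (RFC 4515); DN escapes (RFC 4514) are preserved` and to check that `details["dn"]` is a non-empty string, since `%s` on a missing key yields `%!s(<nil>)`. The body of `FindOIDCClaims` starts and ends outside this hunk.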