From 508c24b10e01ecbab53e3787c24b3d0078d9c6fb Mon Sep 17 00:00:00 2001
From: Frode Nordahl
Date: Sun, 14 Feb 2016 09:18:01 +0100
Subject: [PATCH] Get DN from entry, not entryDN attribute

Not all LDAP servers have entryDN available as an attribute. Reading up on https://tools.ietf.org/html/rfc5020 tells me that entryDN is intended for making the DN available for attribute value assertions. Thus it is not mandatory for a LDAP server to make it available as an retrievable attribute. The DN is always a part of the entry returned in a search result, just use it. Fixes #314
---
 connector/connector_ldap.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/connector/connector_ldap.go b/connector/connector_ldap.go
index 2b7747c2..87aeaca1 100644
--- a/connector/connector_ldap.go
+++ b/connector/connector_ldap.go
@@ -288,7 +288,6 @@ func (m *LDAPIdentityProvider) Identity(username, password string) (*oidc.Identi
 	filter := m.ParseString(m.searchFilter, username)
 	attributes := []string{
-		"entryDN",
 		m.nameAttribute,
 		m.emailAttribute,
 	}
@@ -304,7 +303,7 @@ func (m *LDAPIdentityProvider) Identity(username, password string) (*oidc.Identi
 		return nil, err
 	}
-	bindDN = sr.Entries[0].GetAttributeValue("entryDN")
+	bindDN = sr.Entries[0].DN
 	ldapName = sr.Entries[0].GetAttributeValue(m.nameAttribute)
 	ldapEmail = sr.Entries[0].GetAttributeValue(m.emailAttribute)
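Review bot: The new `bindDN = sr.Entries[0].DN` line removes the path by which a missing attribute produced an empty bindDN, but nothing in the second hunk rejects an empty DN before it is used for the user bind; an empty DN paired with the user-supplied password is exactly what an LDAP server may process as an anonymous or unauthenticated bind, so a guard such as `if bindDN == "" { return nil, errors.New("ldap: search returned an entry with an empty DN") }` (or the file's existing error helper) right after the assignment would make this authentication step fail closed. Whether `sr.Entries` is checked for exactly one result happens above the hunk and is not visible here; if it is not, the `sr.Entries[0]` index and the choice of which matched entry to bind as both need an explicit `len(sr.Entries) != 1` check. The rationale for taking the DN from the entry instead of the `entryDN` operational attribute exists only in the commit message, so a comment like `// Use the entry's own DN: entryDN (RFC 5020) is not guaranteed to be returned as an attribute.` would keep it with the code. Identity begins and ends outside both hunks.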