From b5809a19af78c1e7fe26038db97c7f92004368e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robin=20Hru=C5=A1ka?=
Date: Fri, 13 Sep 2024 18:03:06 +0200
Subject: [PATCH] remove base check (case in/sensitivity issues)
---
 seacatauth/credentials/providers/ldap.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/seacatauth/credentials/providers/ldap.py b/seacatauth/credentials/providers/ldap.py
index 1719933c..7cadbfa6 100644
--- a/seacatauth/credentials/providers/ldap.py
+++ b/seacatauth/credentials/providers/ldap.py
@@ -176,20 +176,17 @@ def _get_worker(self, prefix, credentials_id, include=None) -> Optional[dict]:
 # TODO: Validate credetials_id with regex
- # Ensure that the base lies within configured base
- base = base64.urlsafe_b64decode(credentials_id[len(prefix):]).decode("utf-8")
- if not base.endswith(self.Config["base"]):
- raise KeyError("Credentials {!r} do not end with {!r}".format(credentials_id, self.Config["base"]))
-
+ cn = base64.urlsafe_b64decode(credentials_id[len(prefix):]).decode("utf-8")
 with self._ldap_client() as lc:
 try:
 sr = lc.search_s(
- base,
+ cn,
 ldap.SCOPE_BASE,
 filterstr=self.Config["filter"],
 attrlist=self.AttrList,
 )
- except ldap.NO_SUCH_OBJECT:
+ except ldap.NO_SUCH_OBJECT as e:
+ L.error(e)
 sr = []
 if len(sr) == 0:
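Review bot: With the `endswith(self.Config["base"])` guard removed, the DN decoded from the caller-supplied `credentials_id` goes straight into `lc.search_s(cn, ldap.SCOPE_BASE, ...)`, so any entry the bind account can read that matches `self.Config["filter"]` can resolve as a credential of this provider, including entries outside the configured subtree. The case-sensitivity problem can be fixed without dropping the containment check, e.g. `if not cn.lower().endswith(self.Config["base"].lower()): raise KeyError(credentials_id)`, or more robustly by parsing both DNs with `ldap.dn.str2dn` and comparing the trailing RDNs so that spacing and component boundaries are handled as well. The name `cn` is misleading because the value is a full DN, and `L.error(e)` logs at error level for a not-found condition that any caller can trigger; a lower level that includes the credentials id would be more useful. `_get_worker` starts and ends outside the hunk, so whether a later step re-validates the returned entry is not visible here.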