From 2fcde3ddcdfe2b644164c494af6006f3446a08bb Mon Sep 17 00:00:00 2001
From: Jean-Philippe Evrard
Date: Mon, 13 Jan 2025 17:04:32 +0100
Subject: [PATCH] fixup! Revert to use full DN instead of CN for autorization.
---
 internal/ldap/membership.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/ldap/membership.go b/internal/ldap/membership.go
index eb0e1aa4..555daf95 100644
--- a/internal/ldap/membership.go
+++ b/internal/ldap/membership.go
@@ -121,7 +121,7 @@ func (m *LDAPMemberships) isUserAllowedOnCluster(regexpPatterns []string) (bool,
 for _, groupName := range m.NonSpecificGroups {
 for _, pattern := range regexpPatterns {
- matched, err := regexp.MatchString(pattern, strings.ToUpper(groupName.DN)) // we match on full DN rather than CN because nobody prevents the ppl in the different entities to create a CN identical as the one used for adminGroup. This is purely out of precaution. In the future, we might want to change the regexp to match only the cn of the groups if we have the guarantee the users will not create groups that are duplicate.
+ matched, err := regexp.MatchString(strings.ToUpper(pattern), strings.ToUpper(groupName.DN)) // we match on full DN rather than CN because nobody prevents the ppl in the different entities to create a CN identical as the one used for adminGroup. This is purely out of precaution. In the future, we might want to change the regexp to match only the cn of the groups if we have the guarantee the users will not create groups that are duplicate.
 if err != nil {
 return false, fmt.Errorf("error matching pattern %v: %v", pattern, err)
 }
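Review bot: `strings.ToUpper(pattern)` on the added line upper-cases the regular-expression syntax as well as its literals, so a pattern containing `\d`, `\w`, `\s` or `\b` is compiled as the negated `\D`, `\W`, `\S` or `\B`, and an inline flag group such as `(?i)` becomes one that fails to compile. Since this match decides cluster authorization, a negated class can accept group DNs the pattern's author meant to exclude. Leave the pattern text untouched and ask the engine to fold case instead: `matched, err := regexp.MatchString("(?i)"+pattern, groupName.DN)`. `MatchString` also succeeds on a substring match, so the patterns presumably need `^`…`$` anchors for the full-DN precaution to hold; the patterns themselves, and the rest of isUserAllowedOnCluster, are outside the hunk.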