[PR #11990/645dd2d4 backport][stable-12] ldap_attrs: fix case-insensitive attribute lookup in state=exact (#12007)

ldap_attrs: fix case-insensitive attribute lookup in `state=exact` (#11990)

* fix(ldap_attrs): case-insensitive attribute lookup in _get_all_values_of

LDAP attribute names are case-insensitive (RFC 4512), but the previous
code used a case-sensitive dict lookup on the server's response. When
the server returns an attribute with different casing than requested,
the lookup returns [] causing state=exact to issue MOD_ADD instead of
MOD_REPLACE, which fails on single-valued attributes that already have
a value.

Fixes #1624



* feat(changelogs): add fragment for ldap_attrs fix #11990



---------


(cherry picked from commit 645dd2d448)

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

plugins/modules/ldap_attrs.py

@@ -347,7 +347,8 @@ class LdapAttrs(LdapGeneric):
                 results = self.connection.search_s(self.dn, ldap.SCOPE_BASE, attrlist=[name])
             except ldap.LDAPError as e:
                 self.fail(f"Cannot search for attribute {name}", e)
-            self._cached_values[lc_name] = results[0][1].get(name, [])
+            attrs = results[0][1]
+            self._cached_values[lc_name] = next((v for k, v in attrs.items() if k.lower() == lc_name), [])
         return self._cached_values[lc_name]
 
     def _is_value_absent(self, name, value):