ldap_attrs: fix case-insensitive attribute lookup in state=exact (#11990)

* fix(ldap_attrs): case-insensitive attribute lookup in _get_all_values_of LDAP attribute names are case-insensitive (RFC 4512), but the previous code used a case-sensitive dict lookup on the server's response. When the server returns an attribute with different casing than requested, the lookup returns [] causing state=exact to issue MOD_ADD instead of MOD_REPLACE, which fails on single-valued attributes that already have a value. Fixes #1624 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(changelogs): add fragment for ldap_attrs fix #11990 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-06 21:32:49 +00:00 · 2026-05-07 07:38:56 +12:00
parent 2232f8bcc3
commit 645dd2d448
2 changed files with 4 additions and 1 deletions
--- a/plugins/modules/ldap_attrs.py
+++ b/plugins/modules/ldap_attrs.py
@@ -347,7 +347,8 @@ class LdapAttrs(LdapGeneric):
                results = self.connection.search_s(self.dn, ldap.SCOPE_BASE, attrlist=[name])
            except ldap.LDAPError as e:
                self.fail(f"Cannot search for attribute {name}", e)
-            self._cached_values[lc_name] = results[0][1].get(name, [])
+            attrs = results[0][1]
+            self._cached_values[lc_name] = next((v for k, v in attrs.items() if k.lower() == lc_name), [])
        return self._cached_values[lc_name]

    def _is_value_absent(self, name, value):