From d685adb029694236119477e5ca80dd789a73e7ec Mon Sep 17 00:00:00 2001
From: Ramkumar Chinchani <45800463+rchincha@users.noreply.github.com>
Date: Fri, 12 Jan 2024 14:08:35 -0800
Subject: [PATCH] fix: npe if ldap query doesn't return attributes (#2151)

We cannot assume the LDAP server will have group attributes programmed
everytime. So handle it accordingly.

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
---
 pkg/api/ldap.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/pkg/api/ldap.go b/pkg/api/ldap.go
index 608e14b45..dc70a1a5d 100644
--- a/pkg/api/ldap.go
+++ b/pkg/api/ldap.go
@@ -173,8 +173,11 @@ func (lc *LDAPClient) Authenticate(username, password string) (bool, map[string]
 	}
 
 	attributes := lc.Attributes
+
 	attributes = append(attributes, "dn")
-	attributes = append(attributes, lc.UserGroupAttribute)
+	if lc.UserGroupAttribute != "" {
+		attributes = append(attributes, lc.UserGroupAttribute)
+	}
 
 	searchScope := ldap.ScopeSingleLevel
 
@@ -216,8 +219,13 @@ func (lc *LDAPClient) Authenticate(username, password string) (bool, map[string]
 	}
 
 	userDN := search.Entries[0].DN
-	userAttributes := search.Entries[0].Attributes[0]
-	userGroups := userAttributes.Values
+
+	var userGroups []string
+
+	if lc.UserGroupAttribute != "" && len(search.Entries[0].Attributes) > 0 {
+		userAttributes := search.Entries[0].Attributes[0]
+		userGroups = userAttributes.Values
+	}
 	user := map[string]string{}
 
 	for _, attr := range lc.Attributes {