From a7d2cc3e0b132461ef4f6f3e580de7ec68de7f66 Mon Sep 17 00:00:00 2001
From: Lars Seipel <ls@slrz.net>
Date: Wed, 15 Jan 2025 19:32:34 +0100
Subject: [PATCH] connector/ldap: adjust attributes for h_da directory

---
 connector/ldap/ldap.go  |  2 +-
 connector/ldap/tweak.go | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 connector/ldap/tweak.go

diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go
index 856949d2..6f6f0c3e 100644
--- a/connector/ldap/ldap.go
+++ b/connector/ldap/ldap.go
@@ -410,7 +410,7 @@ func (c *ldapConnector) identityFromEntry(user ldap.Entry) (ident connector.Iden
 		err := fmt.Errorf("ldap: entry %q missing following required attribute(s): %q", user.DN, missing)
 		return connector.Identity{}, err
 	}
-	return ident, nil
+	return tweakIdentity(ident), nil
 }
 
 func (c *ldapConnector) userEntry(conn *ldap.Conn, username string) (user ldap.Entry, found bool, err error) {
diff --git a/connector/ldap/tweak.go b/connector/ldap/tweak.go
new file mode 100644
index 00000000..34facee7
--- /dev/null
+++ b/connector/ldap/tweak.go
@@ -0,0 +1,32 @@
+package ldap
+
+import (
+	"strings"
+
+	"github.com/dexidp/dex/connector"
+)
+
+// TweakIdentity adjusts attributes received from the LDAP directory. Don't ask
+// why this is necessary. Just learn to accept it.
+func tweakIdentity(id connector.Identity) connector.Identity {
+	id.Username = tweakName(id)
+	return id
+}
+
+func tweakName(id connector.Identity) string {
+	name := id.Username
+	if name == " " {
+		return id.PreferredUsername
+	}
+
+	xs := strings.Split(name, ", ")
+	if len(xs) == 1 {
+		return name
+	}
+
+	if strings.Contains(xs[1], " (") {
+		xs[1] = strings.Split(xs[1], " (")[0]
+	}
+
+	return xs[1] + " " + xs[0]
+}
-- 
GitLab