From 34cdfca289eb4bcb79c4580135ba971c7a2437d4 Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@jrother.eu>
Date: Mon, 12 Apr 2021 23:41:41 +0200
Subject: [PATCH] Fixed behaviour of core.Session.get if called with
 non-canonical DNs

---
 ldapalchemy/core.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ldapalchemy/core.py b/ldapalchemy/core.py
index 57c8663..c20a93e 100644
--- a/ldapalchemy/core.py
+++ b/ldapalchemy/core.py
@@ -193,7 +193,14 @@ class Session:
 		if not conn.response:
 			return None
 		assert len(conn.response) == 1
-		assert conn.response[0]['dn'] == dn
+		if conn.response[0]['dn'] != dn:
+			# To use DNs as cache keys, we assume each DN has a single unique string
+			# representation. This is not generally true: RDN attributes may be
+			# case insensitive or values may contain escape sequences.
+			# In this case, the provided DN differs from the canonical form the
+			# server returned. We cannot handle this consistently, so we report no
+			# match.
+			return None
 		obj = Object(self, conn.response[0])
 		self.state.objects[dn] = obj
 		self.committed_state.objects[dn] = obj
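Review bot: The new `return None` under `if conn.response[0]['dn'] != dn:` makes an entry that exists on the server indistinguishable from a missing one. Any caller that uses this lookup as an existence or uniqueness check would then take the "absent" path for a DN that differs only in case or escaping; whether callers do this is not visible in the hunk. If they do, a distinct signal would be safer, for example `raise ValueError('non-canonical DN: %r' % dn)`, or at least a docstring sentence saying that only the server's canonical DN form is matched. Separately, the context line `assert len(conn.response) == 1` still validates server-returned data with an assert, which is dropped under `python -O`; an explicit `if len(conn.response) != 1:` that raises would keep the check. The enclosing method starts before the hunk and continues after it.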
-- 
GitLab