From 168ae81b1f8d3c1beaa50b7c86c1a0fd7623035a Mon Sep 17 00:00:00 2001
From: Taran Pelkey <tpelkey2021@gmail.com>
Date: Sat, 22 Jun 2024 01:35:35 -0500
Subject: [PATCH] Fix error when validating DN that is not under base DN
 (#19971)

---
 internal/config/identity/ldap/ldap.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/config/identity/ldap/ldap.go b/internal/config/identity/ldap/ldap.go
index 30a69c6ea..eaf8d4a06 100644
--- a/internal/config/identity/ldap/ldap.go
+++ b/internal/config/identity/ldap/ldap.go
@@ -98,7 +98,8 @@ func (l *Config) GetValidatedDNForUsername(username string) (*xldap.DNSearchResu
 	// under a configured base DN in the LDAP directory.
 	validDN, isUnderBaseDN, err := l.GetValidatedUserDN(conn, username)
 	if err == nil && !isUnderBaseDN {
-		return nil, fmt.Errorf("Unable to find user DN: %w", err)
+		// Not under any configured base DN, so treat as not found.
+		return nil, nil
 	}
 	return validDN, err
 }