Don't error if group doesn't exist.

Some LDAP servers will list DNs that don't actually exist. Work around this bug by not erroring if the group isn't found.
ConductorOne · Oct 28, 2024 · 30c15d4 · 30c15d4
1 parent e4ee83d
commit 30c15d4
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/pkg/connector/group.go b/pkg/connector/group.go
@@ -177,8 +177,14 @@ func (g *groupResourceType) Grants(ctx context.Context, resource *v2.Resource, t
 		nil,
 	)
 	if err != nil {
-		err := fmt.Errorf("ldap-connector: failed to list group members: %w", err)
-		l.Error("ldap-connector: failed to list group members", zap.Error(err))
+		l.Error("ldap-connector: failed to list group members", zap.String("group_dn", resource.Id.Resource), zap.Error(err))
+
+		// Some LDAP servers lie.
+		if ldap3.IsErrorAnyOf(err, ldap3.LDAPResultNoSuchObject) {
+			return nil, "", nil, nil
+		}
+
+		err := fmt.Errorf("ldap-connector: failed to list group %s members: %w", resource.Id.Resource, err)
 		return nil, "", nil, err
 	}