From 30c15d491b137cb8d1bb924b35931c84fe574b1e Mon Sep 17 00:00:00 2001
From: Geoff Greer
Date: Mon, 28 Oct 2024 11:20:54 -0700
Subject: [PATCH] Don't error if group doesn't exist.

Some LDAP servers will list DNs that don't actually exist. Work around this bug by not erroring if the group isn't found.
---
 pkg/connector/group.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/pkg/connector/group.go b/pkg/connector/group.go
index e64c0d8..a3e3918 100644
--- a/pkg/connector/group.go
+++ b/pkg/connector/group.go
@@ -177,8 +177,14 @@ func (g *groupResourceType) Grants(ctx context.Context, resource *v2.Resource, t
 nil,
 )
 if err != nil {
- err := fmt.Errorf("ldap-connector: failed to list group members: %w", err)
- l.Error("ldap-connector: failed to list group members", zap.Error(err))
+ l.Error("ldap-connector: failed to list group members", zap.String("group_dn", resource.Id.Resource), zap.Error(err))
+
+ // Some LDAP servers lie.
+ if ldap3.IsErrorAnyOf(err, ldap3.LDAPResultNoSuchObject) {
+ return nil, "", nil, nil
+ }
+
+ err := fmt.Errorf("ldap-connector: failed to list group %s members: %w", resource.Id.Resource, err)
 return nil, "", nil, err
 }
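Review bot: The `LDAPResultNoSuchObject` branch returns an empty grant list with a nil error, yet the only trace is the generic `l.Error("ldap-connector: failed to list group members", ...)` emitted before the check, so nothing in the logs says the failure was deliberately swallowed. For a connector that feeds access data, a consumer then cannot tell "group has no members" from "group could not be read"; noSuchObject can presumably also result from a stale or mistyped base DN, and some directories return it in place of an access-denied result. I would move the check ahead of the error log and record the skip on its own, e.g. `l.Warn("ldap-connector: group not found, returning no grants", zap.String("group_dn", resource.Id.Resource))`, and expand `// Some LDAP servers lie.` to name the condition being tolerated (a DN listed by the server that cannot then be searched). `Grants` begins and ends outside this hunk, so how callers treat the empty result is not visible here.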