For convenience added convertToUperCase on LdapAuthenticationProviderConfigurer

config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -114,6 +114,22 @@ public void authenticationManagerWhenSearchSubtreeThenNestedGroupFound() throws
 		this.mockMvc.perform(request).andExpect(expectedUser);
 	}
 
+	@Test
+	public void authenticationManagerWhenNotConvertToUpperCaseThenRolesAreLowerCased() throws Exception {
+		this.spring.register(NotConvertToUpperCaseConfig.class).autowire();
+
+		// @formatter:off
+		SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin()
+				.user("ben")
+				.password("benspassword");
+		SecurityMockMvcResultMatchers.AuthenticatedMatcher expectedUser = authenticated()
+				.withUsername("ben")
+				.withAuthorities(
+						AuthorityUtils.createAuthorityList("role_managers", "role_developers"));
+		// @formatter:on
+		this.mockMvc.perform(request).andExpect(expectedUser);
+	}
+
 	@EnableWebSecurity
 	static class MultiLdapAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
 
@@ -193,4 +209,21 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
 	}
 
+	@EnableWebSecurity
+	static class NotConvertToUpperCaseConfig extends BaseLdapProviderConfig {
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			// @formatter:off
+			auth
+				.ldapAuthentication()
+					.groupSearchBase("ou=groups")
+					.groupSearchFilter("(member={0})")
+					.userDnPatterns("uid={0},ou=people")
+					.convertToUpperCase(false);
+			// @formatter:on
+		}
+
+	}
+
 }

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -70,6 +70,8 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
 	private String rolePrefix = "ROLE_";
 
+	private boolean convertToUpperCase = true;
+
 	private String userSearchBase = ""; // only for search
 
 	private String userSearchFilter = null; // "uid={0}"; // only for search
@@ -140,6 +142,7 @@ private LdapAuthoritiesPopulator getLdapAuthoritiesPopulator() {
 		defaultAuthoritiesPopulator.setGroupSearchFilter(this.groupSearchFilter);
 		defaultAuthoritiesPopulator.setSearchSubtree(this.groupSearchSubtree);
 		defaultAuthoritiesPopulator.setRolePrefix(this.rolePrefix);
+		defaultAuthoritiesPopulator.setConvertToUpperCase(this.convertToUpperCase);
 		this.ldapAuthoritiesPopulator = defaultAuthoritiesPopulator;
 		return defaultAuthoritiesPopulator;
 	}
@@ -347,6 +350,17 @@ public LdapAuthenticationProviderConfigurer<B> rolePrefix(String rolePrefix) {
 		return this;
 	}
 
+	/**
+	 * If true, the role names are converted to uppercase letters. If false, the role
+	 * names remain untouched.
+	 * @param convertToUpperCase set to true to convert the role name to uppercase.
+	 * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations
+	 */
+	public LdapAuthenticationProviderConfigurer<B> convertToUpperCase(boolean convertToUpperCase) {
+		this.convertToUpperCase = convertToUpperCase;
+		return this;
+	}
+
 	/**
 	 * Search base for user searches. Defaults to "". Only used with
 	 * {@link #userSearchFilter(String)}.