From 5bddc8b257a3e0f3b31c2895d7a430796c686189 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Thu, 29 Feb 2024 13:23:46 -0500
Subject: [PATCH] fix

---
 group-assignment/main.tf      | 2 +-
 group-assignment/variables.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/group-assignment/main.tf b/group-assignment/main.tf
index 3100ce0..2309363 100644
--- a/group-assignment/main.tf
+++ b/group-assignment/main.tf
@@ -59,7 +59,7 @@ resource "aws_ssoadmin_account_assignment" "accounts" {
 
 locals {
   ldap_access_dn = format("cn=%v,%v", local.name, var.ldap_sso_name, var.ldap_sso_base)
-  ldap_dn        = format("cn=%v,ou=SSO,%v,%v", local.name, var.ldap_sso_namevar.ldap_sso_base)
+  ldap_dn        = format("cn=%v,ou=SSO,%v,%v", local.name, var.ldap_sso_name, var.ldap_sso_base)
 }
 
 resource "ldap_object" "group" {
diff --git a/group-assignment/variables.tf b/group-assignment/variables.tf
index 074ee65..e306348 100644
--- a/group-assignment/variables.tf
+++ b/group-assignment/variables.tf
@@ -106,7 +106,7 @@ variable "ldap_sso_name" {
   default     = null
 
   validation {
-    condition     = var.ldap_sso_name == null || contains(["ent-ew", "ent-gov", "lab-gov"], var.ldap_sso_name)
+    condition     = var.ldap_sso_name == null || try(contains(["ent-ew", "ent-gov", "lab-gov"], var.ldap_sso_name), false)
     error_message = "ldap_sso_name must be one of: ent-ew, ent-gov, lab-gov."
   }
 }