Merge pull request #1301 from sparc-request/ac-ads-working

Ability to specify multiple ldap_base for searching [#152927779]

app/lib/directory.rb

@@ -108,27 +108,38 @@ def self.find_or_create(ldap_uid)
   def self.search_ldap(term)
     # Set the search fields from the constants provided
     fields = [LDAP_UID, LDAP_LAST_NAME, LDAP_FIRST_NAME, LDAP_EMAIL]
+    combined_res = nil
 
     # query ldap and create new identities
     begin
-      ldap = Net::LDAP.new(
-         host: LDAP_HOST,
-         port: LDAP_PORT,
-         base: LDAP_BASE,
-         encryption: LDAP_ENCRYPTION)
-      ldap.auth LDAP_AUTH_USERNAME, LDAP_AUTH_PASSWORD unless !LDAP_AUTH_USERNAME || !LDAP_AUTH_PASSWORD
-      # use LDAP_FILTER to override default filter with custom string
-      filter = (LDAP_FILTER && LDAP_FILTER.gsub('#{term}', term)) || fields.map { |f| Net::LDAP::Filter.contains(f, term) }.inject(:|)
-      res = ldap.search(:attributes => fields, :filter => filter)
-      Rails.logger.info ldap.get_operation_result unless res
+      LDAP_BASE.each do |base|
+        ldap = Net::LDAP.new(
+           host: LDAP_HOST,
+           port: LDAP_PORT,
+           base: base,
+           encryption: LDAP_ENCRYPTION)
+        ldap.auth LDAP_AUTH_USERNAME, LDAP_AUTH_PASSWORD unless !LDAP_AUTH_USERNAME || !LDAP_AUTH_PASSWORD
+        # use LDAP_FILTER to override default filter with custom string
+        filter = (LDAP_FILTER && LDAP_FILTER.gsub('#{term}', term)) || fields.map { |f| Net::LDAP::Filter.contains(f, term) }.inject(:|)
+        res = ldap.search(:attributes => fields, :filter => filter)
+        if res
+          if combined_res.is_a? Array  # we have results from a previous base search
+            combined_res += res
+          else
+            combined_res = res
+          end
+        else
+          Rails.logger.info ldap.get_operation_result
+        end
+      end
     rescue => e
       Rails.logger.info '#'*100
       Rails.logger.info "#{e.message} (#{e.class})"
       Rails.logger.info '#'*100
-      res = nil
+      combined_res = nil
     end
 
-    return res
+    return combined_res
   end
 
   # SQL query that returns identities

config/ldap.yml.example

@@ -21,7 +21,7 @@
 development:
   ldap_host: authldap.musc.edu
   ldap_port: 636
-  ldap_base: 'ou=people,dc=musc,dc=edu'
+  ldap_base: ['ou=people,dc=musc,dc=edu']
   ldap_encryption: simple_tls
   ldap_domain: musc.edu
   ldap_uid: uid
@@ -30,12 +30,12 @@ development:
   ldap_email: mail
   ldap_auth_username: 'username'
   ldap_auth_password: 'password'
-  ldap_filter: "(&(|(|(|(cn=#{term}*)(sn=#{term}*))(givenName=#{term}*))(mail=#{term}*))(msRTCSIP-UserEnabled=TRUE))"  
+  ldap_filter: "(&(|(|(|(cn=#{term}*)(sn=#{term}*))(givenName=#{term}*))(mail=#{term}*))(msRTCSIP-UserEnabled=TRUE))"
 
 test:
   ldap_host: authldap.musc.edu
   ldap_port: 636
-  ldap_base: 'ou=people,dc=musc,dc=edu'
+  ldap_base: ['ou=people,dc=musc,dc=edu']
   ldap_encryption: simple_tls
   ldap_domain: musc.edu
   ldap_uid: uid

db/migrate/20180417172116_change_ldap_base_setting_to_json.rb

@@ -0,0 +1,13 @@
+class ChangeLdapBaseSettingToJson < ActiveRecord::Migration[5.1]
+  def up
+    Setting.where(key: 'ldap_base').each do |setting|
+      setting.update_attributes(data_type: 'json', value: "[\"#{setting.read_attribute(:value)}\"]")
+    end
+  end
+
+  def down
+    Setting.where(key: 'ldap_base').each do |setting|
+      setting.update_attributes(data_type: 'string', value: setting.value.first)
+    end
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180416170741) do
+ActiveRecord::Schema.define(version: 20180417172116) do
 
   create_table "admin_rates", id: :integer, force: :cascade, options: "ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin" do |t|
     t.integer "line_item_id"