Module: Legion::Extensions::Identity::Ldap::Helpers::GroupSync

Defined in:
lib/legion/extensions/identity/ldap/helpers/group_sync.rb

Constant Summary collapse

# Profile field name => directory attribute key. Each value is the
# lower-cased symbol form of a name that also appears in USER_ATTRIBUTES
# (e.g. :givenname for givenName).
# NOTE(review): presumably used to read these attributes off a search
# result entry; the consumer is not shown here, so confirm before relying on it.
PROFILE_ATTRIBUTES = {
  first_name: :givenname,
  last_name: :sn,
  email: :mail,
  display_name: :displayname,
  department: :department,
  title: :title
}.freeze
# Directory attribute names: the group-membership attribute plus the six
# profile attributes that PROFILE_ATTRIBUTES maps.
# NOTE(review): presumably the explicit attribute list requested in the user
# search, which would keep the query from pulling unrelated directory data;
# the search call is not shown here, so confirm.
USER_ATTRIBUTES = %w[
  memberOf
  givenName
  sn
  mail
  displayName
  department
  title
].freeze

Instance Method Summary collapse

Instance Method Details

#resolve_profile(canonical_name:) ⇒ Object



# File 'lib/legion/extensions/identity/ldap/helpers/group_sync.rb', line 22

# Binds to the configured LDAP server and delegates the lookup of
# +canonical_name+ to search_user.
#
# @param canonical_name [String] user name passed to search_user as +username+
# @return [nil] when ldap_settings is nil or has no :host entry
# @return [Hash] { success: false, error: String } when the bind fails or a
#   Net::LDAP::Error is raised
# @return [Object] otherwise, whatever search_user returns
#
# NOTE(review): canonical_name is forwarded unmodified next to a format-style
# filter template ('%<username>s'). If search_user interpolates it without
# Net::LDAP::Filter.escape, filter metacharacters in the name would alter the
# query. search_user is not shown here, so confirm the escaping happens there.
def resolve_profile(canonical_name:)
  settings = ldap_settings
  # "Not configured" is reported as nil, distinct from the failure hashes below.
  return nil if settings.nil?
  return nil if settings[:host].nil?

  client = build_ldap_client(settings)
  unless client.bind
    return { success: false, error: 'LDAP bind failed' }
  end

  search_base = settings[:base_dn]
  # Defaults match an Active Directory style schema when the settings omit them.
  filter_template = settings.fetch(:user_filter, '(sAMAccountName=%<username>s)')
  membership_attr = settings.fetch(:group_attribute, 'memberOf')

  search_user(ldap: client, username: canonical_name, base_dn: search_base,
              user_filter: filter_template, group_attribute: membership_attr)
rescue Net::LDAP::Error => ldap_error
  # NOTE(review): the library's message text is returned to the caller as-is;
  # confirm it is only logged or shown to operators, not to end users.
  { success: false, error: "LDAP error: #{ldap_error.message}" }
end