How to search roles in ldap recursively with Net::LDAP in Ruby


I'm creating a self-service with the possibility to grant application roles (defined in a meta [LDAP]) to a user. Our structure in the meta is not uniform. It looks like this:

o=meta
  ou=Firm
    ou=AppRoles
      ou=GitLab
        cn=Admin
        cn=User
      ou=SAP
        ou=SAPCRT
          cn=Admin
          cn=User
        ou=SAPLST
          ou=NW
            cn=Admin
            cn=User
          ou=ST
            cn=Admin
            cn=User

etc. So you see, the cn (AppRole) is not always on the same level.

This is the code I have so far. It finds 'ou's like GitLab Admin and GitLab User. But I need to receive a list with Gitlab Admin, Gitlab User, SAP/SAPCRT Admin, SAP/SAPCRT User, SAP/SAPLST/NW Admin, and so forth.

base = 'ou=AppRoles,ou=Firm,o=META'
filter = Net::LDAP::Filter.begins('ou', query)

How can I set up Net::LDAP to filter/search recursively?



Not sure if this will print all cn's under AppRoles, but with the "puts" command you will see the output; could you show us the return of this block of code?

def get_ldap_users(ldap_password)
  # get_ldap is assumed to return a bound Net::LDAP connection;
  # search defaults to whole-subtree scope below treebase
  filter = Net::LDAP::Filter.eq("ou", "AppRoles")
  treebase = "dc=yourdomainhere"
  get_ldap(ldap_password).search(:base => treebase, :filter => filter) do |entry|
    puts "CN: #{entry.cn}"
  end
end
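The part both the question and the answer leave open is how to turn a subtree search into the list the asker wants ("GitLab Admin", "SAP/SAPCRT User", ...). The following is an added example, not code from the question or the answer: it searches the whole subtree under the AppRoles base for entries that carry a cn (the role entries), then builds each label from the ou's sitting between the entry's DN and the base. The host, credentials and the assumption that roles are exactly the cn entries are mine; the sample DNs are constructed to mirror the tree in the question.

```ruby
# Added example: list every role under ou=AppRoles at any depth and label it
# "path/of/ous cn". Assumes role entries are the ones carrying a cn attribute.
begin
  require 'net/ldap'
rescue LoadError
  # The DN helpers below do not need the gem; only fetch_role_dns talks to LDAP.
end

BASE = 'ou=AppRoles,ou=Firm,o=META'

# Split a DN into its RDN strings, honouring backslash-escaped commas
# (RFC 4514): "cn=Admin,ou=SAPCRT,ou=SAP" -> ["cn=Admin", "ou=SAPCRT", "ou=SAP"]
def split_rdns(dn)
  rdns = []
  current = +''
  escaped = false
  dn.each_char do |ch|
    if escaped
      current << ch
      escaped = false
    elsif ch == '\\'
      current << ch
      escaped = true
    elsif ch == ','
      rdns << current.strip
      current = +''
    else
      current << ch
    end
  end
  rdns << current.strip
  rdns
end

# Label for one entry: ou's between the entry and the base joined with "/",
# then the cn. Returns nil for entries outside the base or without a cn
# (e.g. the ou containers themselves).
def role_label(dn, base = BASE)
  suffix = ',' + base
  return nil unless dn.downcase.end_with?(suffix.downcase)
  relative = dn[0, dn.length - suffix.length]
  pairs = split_rdns(relative).reverse.map { |r| r.split('=', 2) } # base-most first
  cn = pairs.find { |k, _| k.casecmp?('cn') }
  return nil unless cn
  ous = pairs.select { |k, _| k.casecmp?('ou') }.map { |_, v| v }
  [ous.join('/'), cn[1]].reject(&:empty?).join(' ')
end

# Label a set of DNs, dropping anything that is not a role entry.
def role_labels(dns, base = BASE)
  dns.map { |dn| role_label(dn, base) }.compact.sort
end

# Live search: whole-subtree scope plus a "cn is present" filter, so roles are
# found no matter how many ou levels sit between them and the base.
# ldap is a bound Net::LDAP object; search returns nil on error, hence Array().
def fetch_role_dns(ldap, base = BASE)
  filter = Net::LDAP::Filter.present('cn')
  Array(ldap.search(base: base, filter: filter,
                    scope: Net::LDAP::SearchScope_WholeSubtree,
                    attributes: ['cn'])).map(&:dn)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample DNs mirroring the tree in the question.
  sample = [
    'cn=Admin,ou=GitLab,ou=AppRoles,ou=Firm,o=META',
    'ou=GitLab,ou=AppRoles,ou=Firm,o=META',
    'cn=User,ou=SAPCRT,ou=SAP,ou=AppRoles,ou=Firm,o=META',
    'cn=Admin,ou=NW,ou=SAPLST,ou=SAP,ou=AppRoles,ou=Firm,o=META'
  ]
  puts role_labels(sample)
end
```

To run it against the directory, build the connection with Net::LDAP.new(host:, port:, auth: { method: :simple, username:, password: }) and pass it to fetch_role_dns; the returned DNs go through role_labels. The asker's prefix match on the user's query can then be applied to the labels in Ruby, which avoids having to know at which ou level the match will occur.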