@@ -52,9 +52,8 @@ def perform(group)
5252 dns = member_dns ( group )
5353
5454 # search for base group's subgroups
55- filter = ALL_GROUPS_FILTER
5655 groups = dns . each_with_object ( [ ] ) do |dn , groups |
57- groups . concat ldap . search ( base : dn , scope : Net :: LDAP :: SearchScope_BaseObject , attributes : attrs , filter : filter )
56+ groups . concat find_groups_by_dn ( dn )
5857 searched << dn
5958 end
6059
@@ -77,13 +76,14 @@ def perform(group)
7776
7877 # search for subgroups
7978 subgroups = sub_dns . each_with_object ( [ ] ) do |dn , subgroups |
80- subgroups . concat ldap . search ( base : dn , scope : Net :: LDAP :: SearchScope_BaseObject , attributes : attrs , filter : filter )
81- searched << dn
79+ subgroups . concat find_groups_by_dn ( dn )
80+ searched << dn
8281 end
8382
83+ # give up if there were no subgroups found
8484 break if subgroups . empty?
8585
86- # track found groups
86+ # track found subgroups
8787 subgroups . each { |g | found [ g . dn ] = g }
8888
8989 # descend another level
@@ -106,6 +106,27 @@ def perform(group)
106106 entries
107107 end
108108
109+ # Internal: Search for Groups by DN.
110+ #
111+ # Given a Distinguished Name (DN) String value, find the Group entry
112+ # that matches it. The DN may map to a `person` entry, but we want to
113+ # filter those out.
114+ #
115+ # This will find zero or one entry most of the time, but it's not
116+ # guaranteed so we account for the possibility of more.
117+ #
118+ # This method is intended to be used with `Array#concat` by the caller.
119+ #
120+ # Returns an Array of zero or more Net::LDAP::Entry objects.
121+ def find_groups_by_dn ( dn )
122+ ldap . search \
123+ base : dn ,
124+ scope : Net ::LDAP ::SearchScope_BaseObject ,
125+ attributes : attrs ,
126+ filter : ALL_GROUPS_FILTER
127+ end
128+ private :find_group_by_dn
129+
109130 # Internal: Fetch entries by UID.
110131 #
111132 # Returns an Array of Net::LDAP::Entry objects.
0 commit comments