[PLAT-11806]Allow LDAP-DB Sync of multiple verticals

Summary: The values specified as `LdapSearchFilter` in the payload takes care of the syncing users specific to groups. Say if the `LdapSearchFilter` is `(objectclass=person)`, all the users that are present on the LDAP server irrespective of which groups they belongs to get synced to the DB nodes. But if the `LdapSearchFilter` is `(&(objectclass=person)(|(groupName=CN=Admins,CN=Groups,DC=EXAMPLE,DC=COM)(groupName=CN=Random,CN=Groups,DC=EXAMPLE,DC=COM)))`, only the users belonging to either `Admins` or `Random` on the LDAP Server get synced to the DB nodes. Test Plan: Tested manually. Created a universe and triggered the sync with `LdapSearchFilter` as `(&(objectclass=person)(|(groupName=CN=Admins,CN=Groups,DC=EXAMPLE,DC=COM)(groupName=CN=Random,CN=Groups,DC=EXAMPLE,DC=COM)))`. Observed the output before and after the sync. {F163428} Reviewers: #yba-api-review!, svarshney Reviewed By: svarshney Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D33424
yugabyte · Mar 21, 2024 · c44146e · c44146e
1 parent 5aea1a3
commit c44146e
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/managed/src/main/java/com/yugabyte/yw/forms/LdapUnivSyncFormData.java b/managed/src/main/java/com/yugabyte/yw/forms/LdapUnivSyncFormData.java
@@ -45,8 +45,13 @@ public enum TargetApi {
   private String ldapBindPassword;
 
   @ApiModelProperty(
-      value = "LDAP search filter to get the user entries",
-      example = "(objectclass=person)")
+      value =
+          "LDAP search filter to get the user entries. This filter can also be used to search for"
+              + " the users based on their group memberships.",
+      example =
+          "(objectclass=person),"
+              + " (&(objectclass=person)(|(groupName=CN=group1,CN=Groups,DC=example,DC=com)"
+              + "(groupName=CN=group2,CN=Groups,DC=example,DC=com)))")
   private String ldapSearchFilter;
 
   @ApiModelProperty(value = "Dn of the search starting point.", example = "dc=example,dc=org")

diff --git a/managed/src/main/resources/swagger-strict.json b/managed/src/main/resources/swagger-strict.json
@@ -6579,8 +6579,8 @@
           "type" : "integer"
         },
         "ldapSearchFilter" : {
-          "description" : "LDAP search filter to get the user entries",
-          "example" : "(objectclass=person)",
+          "description" : "LDAP search filter to get the user entries. This filter can also be used to search for the users based on their group memberships.",
+          "example" : "(objectclass=person), (&(objectclass=person)(|(groupName=CN=group1,CN=Groups,DC=example,DC=com)(groupName=CN=group2,CN=Groups,DC=example,DC=com)))",
           "type" : "string"
         },
         "ldapServer" : {

diff --git a/managed/src/main/resources/swagger.json b/managed/src/main/resources/swagger.json
@@ -6623,8 +6623,8 @@
           "type" : "integer"
         },
         "ldapSearchFilter" : {
-          "description" : "LDAP search filter to get the user entries",
-          "example" : "(objectclass=person)",
+          "description" : "LDAP search filter to get the user entries. This filter can also be used to search for the users based on their group memberships.",
+          "example" : "(objectclass=person), (&(objectclass=person)(|(groupName=CN=group1,CN=Groups,DC=example,DC=com)(groupName=CN=group2,CN=Groups,DC=example,DC=com)))",
           "type" : "string"
         },
         "ldapServer" : {