Closed
Description
Consider a possible and common LDAP structure where users are in one organizational unit (ou) and groups are in another, e.g.
- users in `ou=users,dc=example,dc=com`, ex. `cn=billy,ou=users,dc=example,dc=com`
- groups in `ou=groups,dc=example,dc=com`, ex. `cn=sysadmins,ou=groups,dc=example,dc=com`
As implemented, MMS cannot support this LDAP structure because a common `ldap.provider.base` configuration is used for both users and groups, implicitly via `ldap.provider.url=ldaps://dir.example.com/${ldap.provider.base}` and explicitly via https://github.com/Open-MBEE/mms/blob/1d4e8b279a33980bc3d0e0ef22339c281516bb8c/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java#L142
A solution would be to independently and explicitly configure search bases for users and groups, as is already supported by the vanilla Spring Boot LdapAuthenticationProvider being overridden.
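
A sketch of the separate-search-base setup proposed above, written against the stock Spring Security LDAP classes. This is an added example, not MMS code: the class name `SplitBaseLdapConfig`, the constants, and the `cn`/`member` filter attributes are assumptions based on the sample DNs in this issue.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

@Configuration
public class SplitBaseLdapConfig { // hypothetical class, not part of MMS

    // Constructed sample values matching the directory layout in this issue.
    // The URL carries only the root DN; both search bases are relative to it.
    private static final String URL = "ldaps://dir.example.com/dc=example,dc=com";
    private static final String USER_BASE = "ou=users";
    private static final String GROUP_BASE = "ou=groups";

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(URL);
    }

    @Bean
    public LdapAuthenticationProvider ldapAuthenticationProvider(
            DefaultSpringSecurityContextSource contextSource) {
        // Authentication: locate the user entry under ou=users only, then bind as it.
        // {0} is the submitted username; the cn attribute is an assumption.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserSearch(
                new FilterBasedLdapUserSearch(USER_BASE, "(cn={0})", contextSource));

        // Authorization: resolve group membership under ou=groups only.
        // {0} is the full DN of the authenticated user; member is an assumption.
        DefaultLdapAuthoritiesPopulator authorities =
                new DefaultLdapAuthoritiesPopulator(contextSource, GROUP_BASE);
        authorities.setGroupSearchFilter("(member={0})");
        authorities.setGroupRoleAttribute("cn"); // cn=sysadmins -> ROLE_SYSADMINS
        authorities.setSearchSubtree(true);

        return new LdapAuthenticationProvider(authenticator, authorities);
    }
}
```

Keeping the group base narrow matters for authorization as well as for correctness: only entries under `ou=groups` can then contribute granted authorities.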