Extra attributes with multiple values are lost in transit

[dayer4b]

When a user authenticates and user data, along with extra attributes, are loaded (especially with the Net::LDAP#search fix - see pull request #4 ), the user data that is returned may be missing some values.

I have seen this with the data from the OpenLDAP memberof overlay, which creates multiple entries named 'memberof' for each group to which the user belongs.

I recommend the following change:

  def extra_attributes
    if @options[:extra_attributes]
      result = {}
      @options[:extra_attributes].each do |index_result, index_ldap|
        value = @user_plain[index_ldap]
        if value
          result[index_result] = "#{value.join(', ')}"
        end
      end
      result
    else
      nil
    end
  end

This will keep the attribute values in string form and also permit multiple values.

I'll submit a Pull Request with this soon.

[pencil]

From #6:

CASino 4.0 supports multiple-values for a single field. Basically we can change this line to:

result[index_result] = value

I currently don't have the infrastructure to test it but if you are still interested, you might want to give it a try.

[twyfordr]

Would commas be a safe delimiter here? For at least the Active Directory implementation of LDAP, memberof returns a list of DNs, each of which is a comma-delimited list of RDNs.

[dballenger]

I monkey patched to set result[index_result] = value and it works (so I can get all the memberOf entries).