base_dn must accept more than one OU or none

[lucasbenevides]

In my organization, the Active Directory (AD) forest has two Organization Units (OU) and half the users are in one OU and the other half in other OU. There is no OU that includes all users that need to be authenticated by the LDAP plugin.
I have tried to set the ldap.base_dn (distinguished name) with only the DC part of my domains, so that it would look up in my entire AD forest but it throws an error. The error is 'OPERATIONS_ERROR' object has no attribute 'info'.
Is there any request to the plugin to accept only the DC without the OU? Or at least to the parameter ldap.base_dn to accept two OU not nested in each other?
Any other suggestion?

[lucasbenevides]

I have changed the code of two files so that it works with two parameters of distinguished Name (DN). If somehow is anyone interested, send me a message.
I just changed the parameter ldap.search.alt that is not available anymore and replaced the code that treated the case of having two search paths by the case of having two DN.
If anybody is interested I can give the code.
Do you think I should open a Pull Request?

[jrdh]

Hi @lucasbenevides, thanks for answering your own query! It sounds like this could be useful for other users of this repo and as long as existing configurations still work would definitely be worth opening a pull request for. Once you've opened it up we can have a look and get it merged 🎉

[lucasbenevides]

Okay, I did it.
It is here.
Although, if there was already a way to look in two different organizational units (OU) using only the default parameter, which I couldn't find out.

[jrdh]

Thanks! I'll take a look at the start of next week 🙂