From a3a76eeda5d11600fe23244476e7ee172b7d085d Mon Sep 17 00:00:00 2001
From: Brian Lin
Date: Mon, 18 Dec 2023 13:43:45 -0600
Subject: [PATCH 1/2] Fix issue preventing COManage Topology contact sync (SOFTWARE-5766)

---
 src/webapp/ldap_data.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/webapp/ldap_data.py b/src/webapp/ldap_data.py
index 6f38d3d64..e6ba5cbb1 100644
--- a/src/webapp/ldap_data.py
+++ b/src/webapp/ldap_data.py
@@ -19,7 +19,13 @@ def get_contact_cilogon_id_map(global_data):
 # cilogon ldap query constants
 #_ldap_url = "ldaps://ldap.cilogon.org"
 #_username = "uid=readonly_user,ou=system,o=OSG,o=CO,dc=cilogon,dc=org"
-_cilogon_basedn = "o=OSG,o=CO,dc=cilogon,dc=org"
+_cilogon_basedn = "ou=people,o=OSG,o=CO,dc=cilogon,dc=org"
+
+# Filter on all (CO Persons with status == Active) AND
+# (is an active member of the Topology Contacts COU or OASIS Managers COU)
+_ACTIVE_COPERSON_FILTER = "(&(ismemberOf=CO:members:active)" + \
+ "(|(ismemberOf=CO:COU:Topology Contacts:members:active)" + \
+ "(ismemberOf=CO:COU:OASIS Managers:members:active)))"
 
 
 def get_cilogon_ldap_id_map(ldap_url, ldap_user, ldap_pass):
@@ -29,7 +35,7 @@ def get_cilogon_ldap_id_map(ldap_url, ldap_user, ldap_pass):
 conn = ldap3.Connection(server, ldap_user, ldap_pass, receive_timeout=CILOGON_LDAP_TIMEOUT)
 if not conn.bind():
 return None # connection failure
- conn.search(_cilogon_basedn, '(voPersonID=*)', attributes=['*'])
+ conn.search(_cilogon_basedn, _ACTIVE_COPERSON_FILTER, attributes=['*'])
 result_data = [ (e.entry_dn, e.entry_attributes_as_dict) for e in conn.entries ]
 conn.unbind()
 
From 51d717d1bd32f7359f97f4e0c89f138964075850 Mon Sep 17 00:00:00 2001
From: Brian Lin
Date: Mon, 18 Dec 2023 15:47:23 -0600
Subject: [PATCH 2/2] Limit the COManage search scope (SOFTWARE-5766)

We don't need any depth when searching in the ou=people
---
 src/webapp/ldap_data.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

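Review bot: In the first hunk of patch 1/2, `_ACTIVE_COPERSON_FILTER` is assembled with `+ \` line continuations, which break as soon as anything (even a trailing space) follows a backslash. Wrapping the three literals in parentheses and relying on adjacent-literal concatenation is sturdier: open with `_ACTIVE_COPERSON_FILTER = ("(&(ismemberOf=CO:members:active)"`, put the two remaining literals on their own lines and close with `)`. Because this filter now decides which CO Persons are returned for the contact sync, the comment above it could also state that the group names must match the COmanage group names exactly. A renamed COU would silently drop its members from the result rather than fail.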
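Review bot: In the second hunk of patch 1/2 (and again on the same line in patch 2/2), the outcome of `conn.search(...)` is never checked. A search that the server rejects or truncates (size limit, insufficient access) leaves the same short or empty `conn.entries` as a directory with few matching people. With the narrower membership filter an empty result is now a plausible failure mode that the caller cannot tell from success. Checking the result code before building `result_data`, for example `if conn.result['result'] != 0: return None`, keeps it on the existing failure path. `attributes=['*']` also pulls every user attribute of each person; if only a few are consumed further down (not visible here, the function body continues outside the hunk), naming them would limit what the service holds in memory.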
diff --git a/src/webapp/ldap_data.py b/src/webapp/ldap_data.py
index e6ba5cbb1..2bcaae334 100644
--- a/src/webapp/ldap_data.py
+++ b/src/webapp/ldap_data.py
@@ -35,7 +35,7 @@ def get_cilogon_ldap_id_map(ldap_url, ldap_user, ldap_pass):
 conn = ldap3.Connection(server, ldap_user, ldap_pass, receive_timeout=CILOGON_LDAP_TIMEOUT)
 if not conn.bind():
 return None # connection failure
- conn.search(_cilogon_basedn, _ACTIVE_COPERSON_FILTER, attributes=['*'])
+ conn.search(_cilogon_basedn, _ACTIVE_COPERSON_FILTER, search_scope='one', attributes=['*'])
 result_data = [ (e.entry_dn, e.entry_attributes_as_dict) for e in conn.entries ]
 conn.unbind()
 
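Review bot: `search_scope='one'` on the added line is not, as far as I know, a scope value that ldap3 accepts. The library compares against its own constants `ldap3.BASE`, `ldap3.LEVEL` and `ldap3.SUBTREE` and raises an invalid-scope error for anything else, so this call would fail on every sync instead of doing a one-level search. Using the constant, `conn.search(_cilogon_basedn, _ACTIVE_COPERSON_FILTER, search_scope=ldap3.LEVEL, attributes=['*'])`, expresses the intended single-level scope; it is worth confirming against the installed ldap3 version. The function body continues outside the hunk, so whether an exception here is caught and turned into the `None` failure path cannot be seen from this patch.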