Authorize access to admin panel, etc.

Adds a separate admin namespace and base controller, with authorization
by looking up the admin property in the user's LDAP account.

app/controllers/admin/base_controller.rb

@@ -0,0 +1,6 @@
+class Admin::BaseController < ApplicationController
+
+  before_action :authenticate_user!
+  before_action :authorize_admin
+
+end

app/controllers/admin/dashboard_controller.rb

@@ -0,0 +1,4 @@
+class Admin::DashboardController < Admin::BaseController
+  def index
+  end
+end

app/controllers/admin/ldap_users_controller.rb

@@ -0,0 +1,41 @@
+class Admin::LdapUsersController < Admin::BaseController
+  def index
+    attributes = %w{dn cn uid mail admin}
+    filter = Net::LDAP::Filter.eq("uid", "*")
+    if params[:ou]
+      treebase = "ou=#{params[:ou]},cn=users,dc=kosmos,dc=org"
+    else
+      treebase = "ou=kosmos.org,cn=users,dc=kosmos,dc=org"
+    end
+
+    entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
+    entries.sort_by! { |e| e.cn[0] }
+
+    @entries = entries.collect do |e|
+      {
+        uid: e.uid.first,
+        mail: e.try(:mail) ? e.mail.first : nil,
+        admin: e.try(:admin) ? 'admin' : nil
+        # password: e.userpassword.first
+      }
+    end
+    # ldap_client.get_operation_result
+  end
+
+  private
+
+  def ldap_client
+    ldap_client ||= Net::LDAP.new host: ENV['LDAP_HOST'],
+      port: ldap_config['port'],
+      encryption: ldap_config['ssl'],
+      auth: {
+        method: :simple,
+        username: ldap_config['admin_user'],
+        password: ldap_config['admin_password']
+      }
+  end
+
+  def ldap_config
+    ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
+  end
+end