akkounts/app/services/create_account.rb

class CreateAccount < ApplicationService
  def initialize(args)
    @username   = args[:username]
    @domain     = args[:ou] || "kosmos.org"
    @email      = args[:email]
    @password   = args[:password]
    @invitation = args[:invitation]
  end

  def call
    create_user_in_database
    add_ldap_document
  end

  private

  def create_user_in_database
    User.create!(
      cn: @username,
      ou: @domain,
      email: @email,
      password: @password,
      password_confirmation: @password
    )
  end

  def add_ldap_document
    dn = "cn=#{@username},ou=kosmos.org,cn=users,dc=kosmos,dc=org"
    attr = {
      objectclass: ["top", "account", "person", "extensibleObject"],
      cn: @username,
      sn: @username,
      uid: @username,
      mail: @email,
      userPassword: Devise.ldap_auth_password_builder.call(@password)
    }

    ldap_client.add(dn: dn, attributes: attr)
  end

  def ldap_client
    ldap_client ||= Net::LDAP.new host: ldap_config['host'],
      port: ldap_config['port'],
      encryption: ldap_config['ssl'],
      auth: {
        method: :simple,
        username: ldap_config['admin_user'],
        password: ldap_config['admin_password']
      }
  end

  def ldap_config
    ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
  end
end