Handle search returning nil in searching for POSIX group members

[ekohl]

According to the API documentation search may return a dataset or nil. Calling nil.map will fail.

Originally reported by @lhellebr in https://issues.redhat.com/browse/SAT-24745.

[adamruzicka]

Looking at the change that introduced map here, it seems the original intent was to always return an array, although it was still susceptible to crashing hard if @ldap.search returned nil even before the map change.

Suggested change

	)&.map { |entry| entry[:cn][0] }
	)&.map { |entry| entry[:cn][0] } || []

[ekohl]

Looking at the change that introduced map here, it seems the original intent was to always return an array, although it was still susceptible to crashing hard if @ldap.search returned nil even before the map change.

Note that https://issues.redhat.com/browse/SAT-24745 was reported against it when it still called .each.

I also noted in the API docs you an write it more like the original .each implementation by using a block:

def find_user_groups(uid)
  user = find_user(uid).first
  results = []
  @ldap.search(
    :filter => user_group_filter(uid, user[:dn].first),
    :base => @group_base, :attributes => ["cn"]
  ) do |entry|
    results << entry[:cn][0]
  end
  results
end

The docs are a bit clearer here:

  # #search returns either a result-set or a boolean, depending on the value
  # of the <tt>:return_result</tt> argument. The default behavior is to
  # return a result set, which is an Array of objects of class
  # Net::LDAP::Entry. If you request a result set and #search fails with an
  # error, it will return nil. Call #get_operation_result to get the error
  # information returned by
  # the LDAP server.

I've pushed a commit that I think does a reasonable job of handling errors, but it's entirely untested now. Just based on reading docs. Could you have a look if that's reasonable?