From ipople at unimelb.edu.au Fri Jun 8 01:27:36 2007 From: ipople at unimelb.edu.au (Iain Pople) Date: Fri, 08 Jun 2007 15:27:36 +1000 Subject: [Ruby-activeldap-discuss] Installation and usage docs Message-ID: <4668E8C8.3010703@unimelb.edu.au> Hi, I am having another play with ActiveLDAP. I found it initially via rubygems so i used gems to install it: > gem install ruby-activeldap Is this a supported method of installation? I then started to follow the getting started instructions here (http://ruby-activeldap.rubyforge.org/doc/) The quick test fails: $ irb irb(main):001:0> require 'active_ldap' LoadError: no such file to load -- active_ldap from (irb):1:in `require' from (irb):1 However the following succeeds: $ irb irb(main):001:0> require 'rubygems' => true irb(main):002:0> gem 'ruby-activeldap' => true However if i then try and use the class it fails: irb(main):003:0> class Group < ActiveLdap::Base irb(main):004:1> ldap_mapping irb(main):005:1> end NameError: uninitialized constant ActiveLdap from (irb):3 The installation instructions don't seem current as the file setup.rb doesn't even exist. So what is the correct way to install ActiveLdap? Also is it known to work with Sun Directory Server 5.2 ? thanks, Iain. -- Iain Pople Systems Interface Technical Lead University of Melbourne From kou at cozmixng.org Fri Jun 8 02:36:21 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Fri, 8 Jun 2007 15:36:21 +0900 Subject: [Ruby-activeldap-discuss] Installation and usage docs In-Reply-To: <4668E8C8.3010703@unimelb.edu.au> References: <4668E8C8.3010703@unimelb.edu.au> Message-ID: Hi, 2007/6/8, Iain Pople : > > gem install ruby-activeldap > > Is this a supported method of installation? Yes. > $ irb > irb(main):001:0> require 'active_ldap' > LoadError: no such file to load -- active_ldap > from (irb):1:in `require' > from (irb):1 If you are using RubyGem, you need to add '-rubygems' option to irb: $ irb -rubygems irb(main):001:0> require 'active_ldap' > However the following succeeds: > > $ irb > irb(main):001:0> require 'rubygems' > => true > irb(main):002:0> gem 'ruby-activeldap' > => true You need to use "require 'active_ldap'" instead of "gem 'ruby-activeldap'": irb(main):002:0> require 'active_ldap' > The installation instructions don't seem current as the file setup.rb > doesn't even exist. You can use 'rake install': % sudo rake install > So what is the correct way to install ActiveLdap? Both of RubyGems and rake. > Also is it known to work with Sun Directory Server 5.2 ? Please report if you find a problem with Sun Directory Server 5.2. :) I'll fix the problem. Thanks, -- kou From lists at suares.an Sat Jun 9 17:33:18 2007 From: lists at suares.an (Ace Suares) Date: Sat, 9 Jun 2007 17:33:18 -0400 Subject: [Ruby-activeldap-discuss] Where can I find the most up to date documentation ? Message-ID: <200706091733.19111.lists@suares.an> Hi, I am looking to install activeldap but I have found different pages with documentation. Which one is the correct and most up -to-date one ? cheers ace From kou at cozmixng.org Mon Jun 11 07:51:10 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Mon, 11 Jun 2007 20:51:10 +0900 (JST) Subject: [Ruby-activeldap-discuss] Where can I find the most up to date documentation ? In-Reply-To: <200706091733.19111.lists@suares.an> References: <200706091733.19111.lists@suares.an> Message-ID: <20070611.205110.57098322.kou@cozmixng.org> Hi, In <200706091733.19111.lists at suares.an> "[Ruby-activeldap-discuss] Where can I find the most up to date documentation ?" on Sat, 9 Jun 2007 17:33:18 -0400, Ace Suares wrote: > I am looking to install activeldap but I have found different pages with > documentation. Which one is the correct and most up -to-date one ? It's http://ruby-activeldap.rubyforge.org/doc/ Thanks, -- kou From lists at suares.an Mon Jun 11 11:30:02 2007 From: lists at suares.an (Ace Suares) Date: Mon, 11 Jun 2007 11:30:02 -0400 Subject: [Ruby-activeldap-discuss] Where can I find the most up to date documentation ? In-Reply-To: <20070611.205110.57098322.kou@cozmixng.org> References: <200706091733.19111.lists@suares.an> <20070611.205110.57098322.kou@cozmixng.org> Message-ID: <200706111130.02709.lists@suares.an> On Monday 11 June 2007, Kouhei Sutou wrote: > Hi, > > In <200706091733.19111.lists at suares.an> > "[Ruby-activeldap-discuss] Where can I find the most up to date > documentation ?" on Sat, 9 Jun 2007 17:33:18 -0400, > > Ace Suares wrote: > > I am looking to install activeldap but I have found different pages > > with documentation. Which one is the correct and most up -to-date one > > ? > > It's http://ruby-activeldap.rubyforge.org/doc/ Thanks. On that site, the link to download activeldap seems wrong: http://projects.dataspill.org/libraries/ruby/activeldap/download.html Who is most responsible for docs at the moment ? I would like to work together with that person. ace > > Thanks, > -- > kou > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss From kou at cozmixng.org Tue Jun 12 06:14:01 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Tue, 12 Jun 2007 19:14:01 +0900 (JST) Subject: [Ruby-activeldap-discuss] Where can I find the most up to date documentation ? In-Reply-To: <200706111130.02709.lists@suares.an> References: <200706091733.19111.lists@suares.an> <20070611.205110.57098322.kou@cozmixng.org> <200706111130.02709.lists@suares.an> Message-ID: <20070612.191401.69385727.kou@cozmixng.org> Hi, In <200706111130.02709.lists at suares.an> "Re: [Ruby-activeldap-discuss] Where can I find the most up to date documentation ?" on Mon, 11 Jun 2007 11:30:02 -0400, Ace Suares wrote: > > > I am looking to install activeldap but I have found different pages > > > with documentation. Which one is the correct and most up -to-date one > > > ? > > > > It's http://ruby-activeldap.rubyforge.org/doc/ > > Thanks. On that site, the link to download activeldap seems wrong: > http://projects.dataspill.org/libraries/ruby/activeldap/download.html Thanks for reporting. I've fixed that in trunk. Now, this is the correct URL: http://rubyforge.org/frs/?group_id=381 This fix will be applied the next release. > Who is most responsible for docs at the moment ? I would like to work > together with that person. This ML is OK. If you send a patch or new documentation, I'll apply or add them into trunk. Thanks, -- kou From m.zecko at gmail.com Tue Jun 12 11:40:08 2007 From: m.zecko at gmail.com (m.zeckinger) Date: Tue, 12 Jun 2007 17:40:08 +0200 Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax Message-ID: <8be6656c0706120840n1e7873bao6c832f6bc8e33ff@mail.gmail.com> hi list, as activeldap should support net-ldap i tried to get it running with a code that actually runs with ruby/ldap. i'm getting a "invalid filter syntax" when trying to run with net-ldap (latest svn net-ldap and ruby-activeldap). is this a bug? i am using a custom ldap group scheme with the name 'customGroup' -- maybe that could cause the problems? here are my models class LdapUser < ActiveLdap::Base ldap_mapping :dn_attribute => "uid", :prefix => "ou=users", :classes => ['top','inetOrgPerson'] belongs_to :groups, :class => 'LdapGroup', :many => "member", :foreign_key => "dn" def self.authenticate? username,password ActiveLdap::Base.logger ||= RAILS_DEFAULT_LOGGER ldap_configuration_file = File.join(RAILS_ROOT, 'config', 'ldap.yml') configurations = YAML::load(ERB.new(IO.read(ldap_configuration_file)).result) ActiveLdap::Base.configurations = configurations %w(development production test).each do |d| ActiveLdap::Base.configurations[d]['bind_dn']=SETTINGS['ldap_users'] % username ActiveLdap::Base.configurations[d]['password']=password end ActiveLdap::Base.establish_connection rescue return nil end end class LdapGroup < ActiveLdap::Base ldap_mapping :dn_attribute => "cn", :classes => ['top','customGroup'], :prefix => "ou=Groups" has_many :members, :class => "LdapUser", :wrap => "member" end error output: invalid filter syntax #{RAILS_ROOT}/lib/net/ldap/filter.rb:406:in `initialize' #{RAILS_ROOT}/lib/net/ldap/filter.rb:387:in `new' #{RAILS_ROOT}/lib/net/ldap/filter.rb:387:in `construct' #{RAILS_ROOT}/lib/net/ldap.rb:1354:in `search' #{RAILS_ROOT}/lib/active_ldap/adapter/net_ldap.rb:131:in `send' #{RAILS_ROOT}/lib/active_ldap/adapter/net_ldap.rb:131:in `execute' #{RAILS_ROOT}/lib/active_ldap/adapter/net_ldap.rb:71:in `search' #{RAILS_ROOT}/lib/active_ldap/adapter/base.rb:135:in `search' #{RAILS_ROOT}/lib/active_ldap/adapter/base.rb:202:in `operation' #{RAILS_ROOT}/lib/active_ldap/timeout_stub.rb:6:in `call' #{RAILS_ROOT}/lib/active_ldap/timeout_stub.rb:6:in `alarm' #{RAILS_ROOT}/lib/active_ldap/adapter/base.rb:237:in `with_timeout' #{RAILS_ROOT}/lib/active_ldap/adapter/base.rb:201:in `operation' #{RAILS_ROOT}/lib/active_ldap/adapter/base.rb:134:in `search' #{RAILS_ROOT}/lib/active_ldap/adapter/net_ldap.rb:63:in `search' #{RAILS_ROOT}/lib/active_ldap/base.rb:293:in `search' #{RAILS_ROOT}/lib/active_ldap/base.rb:560:in `find_every' #{RAILS_ROOT}/lib/active_ldap/base.rb:446:in `find' #{RAILS_ROOT}/lib/active_ldap/association/belongs_to_many.rb:38:in `find_target' #{RAILS_ROOT}/lib/active_ldap/association/proxy.rb:78:in `load_target' #{RAILS_ROOT}/lib/active_ldap/association/collection.rb:9:in `to_ary' #{RAILS_ROOT}/lib/active_ldap/association/collection.rb:25:in `each' #{RAILS_ROOT}/app/controllers/login_controller.rb:43:in `collect' #{RAILS_ROOT}/app/controllers/login_controller.rb:43:in `login' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/base.rb:1095:in `send' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/base.rb:1095:in `perform_action_without_filters' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/filters.rb:632:in `call_filter' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/filters.rb:638:in `call_filter' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/filters.rb:438:in `call' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/filters.rb:637:in `call_filter' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/filters.rb:638:in `call_filter' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/filters.rb:449:in `call' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/filters.rb:637:in `call_filter' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/filters.rb:619:in `perform_action_without_benchmark' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/benchmarking.rb:66:in `perform_action_without_rescue' /usr/local/lib/ruby/1.8/benchmark.rb:293:in `measure' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/benchmarking.rb:66:in `perform_action_without_rescue' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/rescue.rb:83:in `perform_action' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/base.rb:430:in `send' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/base.rb:430:in `process_without_filters' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/filters.rb:624:in `process_without_session_management_support' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/session_management.rb:114:in `process' #{RAILS_ROOT}/vendor/rails/actionpack/lib/action_controller/base.rb:330:in `process' #{RAILS_ROOT}/vendor/rails/railties/lib/dispatcher.rb:41:in `dispatch' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel/rails.rb:78:in `process' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel/rails.rb:76:in `synchronize' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel/rails.rb:76:in `process' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:618:in `process_client' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:617:in `each' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:617:in `process_client' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:736:in `run' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:736:in `initialize' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:736:in `new' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:736:in `run' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:720:in `initialize' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:720:in `new' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:720:in `run' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel/configurator.rb:271:in `run' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel/configurator.rb:270:in `each' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel/configurator.rb:270:in `run' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/bin/mongrel_rails:127:in `run' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel/command.rb:211:in `run' /usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.1/bin/mongrel_rails:243 /usr/local/bin/mongrel_rails:16:in `load' /usr/local/bin/mongrel_rails:16 From kou at cozmixng.org Tue Jun 12 19:17:13 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 13 Jun 2007 08:17:13 +0900 Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: <8be6656c0706120840n1e7873bao6c832f6bc8e33ff@mail.gmail.com> References: <8be6656c0706120840n1e7873bao6c832f6bc8e33ff@mail.gmail.com> Message-ID: Hi, 2007/6/13, m. zeckinger : > hi list, as activeldap should support net-ldap i tried to get it > running with a code that actually runs with ruby/ldap. i'm getting a > "invalid filter syntax" when trying to run with net-ldap (latest svn > net-ldap and ruby-activeldap). is this a bug? > > i am using a custom ldap group scheme with the name 'customGroup' -- > maybe that could cause the problems? > > here are my models Could you show us your LoginController#login too? And could you show us the filter that causes "invalid filter syntax"? The filter can be detected by the following patch for Net::LDAP: =================================================================== --- lib/net/ldap/filter.rb (revision 250) +++ lib/net/ldap/filter.rb (working copy) @@ -403,7 +403,7 @@ def initialize str require 'strscan' - @filter = parse( StringScanner.new( str )) or raise Net::LDAP::LdapError.new( "invalid filter syntax" ) + @filter = parse( StringScanner.new( str )) or raise Net::LDAP::LdapError.new( "invalid filter syntax: #{str}" ) end def parse scanner Thanks, -- kou From ipople at unimelb.edu.au Wed Jun 13 03:23:04 2007 From: ipople at unimelb.edu.au (Iain Pople) Date: Wed, 13 Jun 2007 17:23:04 +1000 Subject: [Ruby-activeldap-discuss] class names case sensitive Message-ID: <466F9B58.6070509@unimelb.edu.au> Hi, I am using activeldap with 0.8.2 with Sun Directory server 5.2. We are using our own custom data schema. I have a problem where some objects of the same class have case variations in their entries. e.g. dn: object1 objectclass: unimelbipregsubnetdata dn: object2 objectclass: unimelbIPREGsubnetdata A query using the ldap command line tools will return both these entries regardless of case so it would seem that the actual directory is case insensitive: $ ldapsearch -b "ou=Resources,o=The University of Melbourne,c=AU" -s sub "(objectclass=unimelbipregsubnetdata)" I have defined a subclass of ActiveLdap: class Subnet < ActiveLdap::Base ldap_mapping :dn_attribute => 'unimelbipregsubnetcidr', :prefix => 'ou=Resources', :classes => ['top', 'unimelbipregsubnetdata'], :scope => :sub end The problem is that this can't find entries with objectclass = unimelbIPREGsubnetdata, and it generates an error when performing searches: > Subnet.find(:all) ActiveLdap::RequiredObjectClassMissed: Can't remove required objectClass: unimelbIPREGsubnetdata from /usr/local/ruby-1.8.6/lib/ruby/gems/1.8/gems/ruby-activeldap-0.8.2/lib/active_ldap/object_class.rb:68:in `assert_have_all_required_classes' .... Is there a way to make ActiveLdap case insensitive? thanks, Iain. -- Iain Pople Systems Interface Technical Lead University of Melbourne From m.zecko at gmail.com Wed Jun 13 04:59:51 2007 From: m.zecko at gmail.com (m.zeckinger) Date: Wed, 13 Jun 2007 10:59:51 +0200 Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: References: <8be6656c0706120840n1e7873bao6c832f6bc8e33ff@mail.gmail.com> Message-ID: <8be6656c0706130159g2ab344eayc0e0eadb798b4700@mail.gmail.com> hello, after applying your patch, the following error output comes: invalid filter syntax (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass=customGroup)) the "customGroup" is a custom written ldap-group-schema. my login controller if user=Person.find(:first, :conditions => ["ldap_dn = ?", SETTINGS['ldap_users'] % v[:un]] ) then if l=LdapUser.authenticate?(v[:un], v[:pw]) then authenticated=true ldu=LdapUser.find(user.ldap_dn) ldu.groups.collect { |t| session[:groups] << t.cn } end end any ideas what could be the problem? thanks, mz ps: maybe you should apply the patch you sent me to trunk, makes debugging easier ;) On 6/13/07, Kouhei Sutou wrote: > Hi, > > 2007/6/13, m. zeckinger : > > hi list, as activeldap should support net-ldap i tried to get it > > running with a code that actually runs with ruby/ldap. i'm getting a > > "invalid filter syntax" when trying to run with net-ldap (latest svn > > net-ldap and ruby-activeldap). is this a bug? > > > > i am using a custom ldap group scheme with the name 'customGroup' -- > > maybe that could cause the problems? > > > > here are my models > > Could you show us your LoginController#login too? > And could you show us the filter that causes "invalid filter syntax"? > The filter can be detected by the following patch for Net::LDAP: > > =================================================================== > --- lib/net/ldap/filter.rb (revision 250) > +++ lib/net/ldap/filter.rb (working copy) > @@ -403,7 +403,7 @@ > > def initialize str > require 'strscan' > - @filter = parse( StringScanner.new( str )) or raise > Net::LDAP::LdapError.new( "invalid filter syntax" ) > + @filter = parse( StringScanner.new( str )) or raise > Net::LDAP::LdapError.new( "invalid filter syntax: #{str}" ) > end > > def parse scanner > > > Thanks, > -- > kou > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > From kou at cozmixng.org Wed Jun 13 06:52:34 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 13 Jun 2007 19:52:34 +0900 (JST) Subject: [Ruby-activeldap-discuss] class names case sensitive In-Reply-To: <466F9B58.6070509@unimelb.edu.au> References: <466F9B58.6070509@unimelb.edu.au> Message-ID: <20070613.195234.116829286.kou@cozmixng.org> Hi, In <466F9B58.6070509 at unimelb.edu.au> "[Ruby-activeldap-discuss] class names case sensitive" on Wed, 13 Jun 2007 17:23:04 +1000, Iain Pople wrote: > I have defined a subclass of ActiveLdap: > > class Subnet < ActiveLdap::Base > ldap_mapping :dn_attribute => 'unimelbipregsubnetcidr', > :prefix => 'ou=Resources', > :classes => ['top', 'unimelbipregsubnetdata'], > :scope => :sub > end > > The problem is that this can't find entries with objectclass = > unimelbIPREGsubnetdata, and it generates an error when performing searches: > > > Subnet.find(:all) > ActiveLdap::RequiredObjectClassMissed: Can't remove required > objectClass: unimelbIPREGsubnetdata > from > /usr/local/ruby-1.8.6/lib/ruby/gems/1.8/gems/ruby-activeldap-0.8.2/lib/active_ldap/object_class.rb:68:in > `assert_have_all_required_classes' > .... Could you show us the result of 'p Subnet.search'? And could you show us the output of Subnet.find(:all) with the following patch: Index: lib/active_ldap/adapter/base.rb =================================================================== --- lib/active_ldap/adapter/base.rb (revision 201) +++ lib/active_ldap/adapter/base.rb (working copy) @@ -116,6 +116,7 @@ def search(options={}) filter = parse_filter(options[:filter]) || 'objectClass=*' + p [options[:filter], filter] attrs = options[:attributes] || [] scope = ensure_scope(options[:scope]) base = options[:base] > Is there a way to make ActiveLdap case insensitive? I think this is a filter construction problem by ActiveLdap. The filter is processed LDAP server not ActiveLdap. I've fixed a filter bug in trunk a few weeks ago. If you have a time, could you try again with trunk? Thanks, -- kou From kou at cozmixng.org Wed Jun 13 07:17:55 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 13 Jun 2007 20:17:55 +0900 (JST) Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: <8be6656c0706130159g2ab344eayc0e0eadb798b4700@mail.gmail.com> References: <8be6656c0706120840n1e7873bao6c832f6bc8e33ff@mail.gmail.com> <8be6656c0706130159g2ab344eayc0e0eadb798b4700@mail.gmail.com> Message-ID: <20070613.201755.161806523.kou@cozmixng.org> Hi, In <8be6656c0706130159g2ab344eayc0e0eadb798b4700 at mail.gmail.com> "Re: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax" on Wed, 13 Jun 2007 10:59:51 +0200, m.zeckinger wrote: > invalid filter syntax > (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass=customGroup)) Umm... Do you (or someone) know how to write a filter that include '=' character in attribute value? Should we escape that? > ps: maybe you should apply the patch you sent me to trunk, makes > debugging easier ;) I hope so but I'm not a maintainer of Net::LDAP. :X Thanks, -- kou From hughes.james at gmail.com Wed Jun 13 12:33:03 2007 From: hughes.james at gmail.com (James Hughes) Date: Wed, 13 Jun 2007 09:33:03 -0700 Subject: [Ruby-activeldap-discuss] class names case sensitive In-Reply-To: <20070613.195234.116829286.kou@cozmixng.org> References: <466F9B58.6070509@unimelb.edu.au> <20070613.195234.116829286.kou@cozmixng.org> Message-ID: <765a2c230706130933w1e5f833k66113b3ab1f3397b@mail.gmail.com> On 6/13/07, Kouhei Sutou wrote: > > > Is there a way to make ActiveLdap case insensitive? > > I think this is a filter construction problem by > ActiveLdap. The filter is processed LDAP server not > ActiveLdap. > > I've fixed a filter bug in trunk a few weeks ago. If you > have a time, could you try again with trunk? > I had similar problems with case sensitivity in ActiveLdap[1]. I can confirm that the fix in trunk mentioned by Kouhei above made the problem go away; you should definitely upgrade to the latest trunk. jh [1] See this thread: http://rubyforge.org/pipermail/ruby-activeldap-discuss/2007-April/000128.html > > Thanks, > -- > kou > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > From ipople at unimelb.edu.au Thu Jun 14 02:32:53 2007 From: ipople at unimelb.edu.au (Iain Pople) Date: Thu, 14 Jun 2007 16:32:53 +1000 Subject: [Ruby-activeldap-discuss] class names case sensitive In-Reply-To: <765a2c230706130933w1e5f833k66113b3ab1f3397b@mail.gmail.com> References: <466F9B58.6070509@unimelb.edu.au> <20070613.195234.116829286.kou@cozmixng.org> <765a2c230706130933w1e5f833k66113b3ab1f3397b@mail.gmail.com> Message-ID: <4670E115.5030808@unimelb.edu.au> When i try to install from trunk i get an error from rake: $ rake install (in /home/usr/its/ipople/src/activeldap/trunk) which: no dot in (/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/sbin:/usr/sbin:/usr/local/ruby-1.8.6/bin) Is there a way to install it without having dot installed? James Hughes wrote: > On 6/13/07, Kouhei Sutou wrote: > >>> Is there a way to make ActiveLdap case insensitive? >> I think this is a filter construction problem by >> ActiveLdap. The filter is processed LDAP server not >> ActiveLdap. >> >> I've fixed a filter bug in trunk a few weeks ago. If you >> have a time, could you try again with trunk? >> -- Iain Pople Systems Interface Technical Lead University of Melbourne From kou at cozmixng.org Thu Jun 14 03:30:41 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Thu, 14 Jun 2007 16:30:41 +0900 Subject: [Ruby-activeldap-discuss] class names case sensitive In-Reply-To: <4670E115.5030808@unimelb.edu.au> References: <466F9B58.6070509@unimelb.edu.au> <20070613.195234.116829286.kou@cozmixng.org> <765a2c230706130933w1e5f833k66113b3ab1f3397b@mail.gmail.com> <4670E115.5030808@unimelb.edu.au> Message-ID: Hi, 2007/6/14, Iain Pople : > When i try to install from trunk i get an error from rake: > > $ rake install > (in /home/usr/its/ipople/src/activeldap/trunk) > which: no dot in > (/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/sbin:/usr/sbin:/usr/local/ruby-1.8.6/bin) > > Is there a way to install it without having dot installed? Could you us the output of them?: $ rake install --trace $ which dot $ ruby -r hoe -e 'p Hoe::VERSION' # or ruby -rubygems -r hoe -e 'p Hoe::VERSION' Thanks, -- kou From ipople at unimelb.edu.au Thu Jun 14 05:14:28 2007 From: ipople at unimelb.edu.au (Iain Pople) Date: Thu, 14 Jun 2007 19:14:28 +1000 Subject: [Ruby-activeldap-discuss] class names case sensitive In-Reply-To: References: <466F9B58.6070509@unimelb.edu.au> <20070613.195234.116829286.kou@cozmixng.org> <765a2c230706130933w1e5f833k66113b3ab1f3397b@mail.gmail.com> <4670E115.5030808@unimelb.edu.au> Message-ID: <467106F4.9030006@unimelb.edu.au> Kouhei Sutou wrote: > Could you us the output of them?: > > $ rake install --trace $ rake install --trace (in /home/usr/its/ipople/src/activeldap/trunk) which: no dot in (/home/usr/its/ipople/sw/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/sbin:/usr/sbin:/usr/local/ruby-1.8.6/bin) ** Invoke install (first_time) ** Execute install > $ which dot $ which dot /usr/bin/which: no dot in (/home/usr/its/ipople/sw/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/sbin:/usr/sbin:/usr/local/ruby-1.8.6/bin) > $ ruby -r hoe -e 'p Hoe::VERSION' # or ruby -rubygems -r hoe -e 'p > Hoe::VERSION' > $ ruby -rubygems -r hoe -e 'p Hoe::VERSION' ruby: no such file to load -- hoe (LoadError) > > Thanks, > -- > kou > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss -- Iain Pople Systems Interface Technical Lead University of Melbourne From kou at cozmixng.org Thu Jun 14 05:32:53 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Thu, 14 Jun 2007 18:32:53 +0900 Subject: [Ruby-activeldap-discuss] class names case sensitive In-Reply-To: <467106F4.9030006@unimelb.edu.au> References: <466F9B58.6070509@unimelb.edu.au> <20070613.195234.116829286.kou@cozmixng.org> <765a2c230706130933w1e5f833k66113b3ab1f3397b@mail.gmail.com> <4670E115.5030808@unimelb.edu.au> <467106F4.9030006@unimelb.edu.au> Message-ID: Hi, 2007/6/14, Iain Pople : > $ rake install --trace > (in /home/usr/its/ipople/src/activeldap/trunk) > which: no dot in > (/home/usr/its/ipople/sw/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/sbin:/usr/sbin:/usr/local/ruby-1.8.6/bin) > ** Invoke install (first_time) > ** Execute install You already installed successfully. $ ruby -r active_ldap -e 'p ActiveLdap::VERSION' From ipople at unimelb.edu.au Thu Jun 14 19:51:17 2007 From: ipople at unimelb.edu.au (Iain Pople) Date: Fri, 15 Jun 2007 09:51:17 +1000 Subject: [Ruby-activeldap-discuss] class names case sensitive In-Reply-To: <20070613.195234.116829286.kou@cozmixng.org> References: <466F9B58.6070509@unimelb.edu.au> <20070613.195234.116829286.kou@cozmixng.org> Message-ID: <4671D475.40201@unimelb.edu.au> Kouhei Sutou wrote: > > Could you show us the result of 'p Subnet.search'? search seems to work fine. It returns an array with all the Subnet objects. Too long to print: > p Subnet.search.first [[:and, "(unimelbipregsubnetcidr=*)", ["objectClass", "top"], ["objectClass", "unimelbipregsubnetdata"]], "(&(unimelbipregsubnetcidr=*)(objectClass=top)(objectClass=unimelbipregsubnetdata))"] ["unimelbIPREGsubnetcidr=203.2.86.0/24, ou=Resources, o=The University of Melbourne, c=AU", {"unimelbipregpubliccomment"=>["The Royal Melbourne Hospital"], "unimelbipregprivatecomment"=>["The Royal Melbourne Hospital"], "unimelbipregsubnetbillingentity"=>["medfac"], "unimelbipregsubnetcidr"=>["203.2.86.0/24"], "unimelbipregdomainname"=>["203.2.87.3"], "unimelbipregprimarynameserver"=>["203.2.87.3"], "unimelbipregdhcpleasedefaultlength"=>["691200"], "unimelbipreglanclass"=>["staff"], "unimelbipregdhcptimeoffset"=>["18000"], "unimelbipregdhcpleasemaxlength"=>["691200"], "unimelbipregrouter"=>["rmh"], "unimelbipregsubnetmask"=>["255.255.255.0"], "unimelbipregsubnetreservedips"=>["0 1 2 3 4 63 64 65 66 67 127 128 129 130 131 191 192 193 194 195 255"], "objectClass"=>["unimelbIPREGsubnetdata", "top"], "unimelbipregdomainnameservers"=>["128.250.66.5 128.250.201.5"], "unimelbipregsubnetrouting"=>["ext"], "unimelbipregsubnetgroup"=>["hospital-rmh"], "unimelbipregdhcpleaseminlength"=>["691200"], "unimelbipreguofm"=>["N"], "unimelbipregsubnetuse"=>["Client-route"], "unimelbipregsubnetnotes"=>["The Royal Melbourne Hospital"], "unimelbipreginterface"=>["23,123,133"], "unimelbipreggatewayip"=>["203.2.86.1"]}] > > And could you show us the output of Subnet.find(:all) with > the following patch: > > Index: lib/active_ldap/adapter/base.rb > =================================================================== > --- lib/active_ldap/adapter/base.rb (revision 201) > +++ lib/active_ldap/adapter/base.rb (working copy) > @@ -116,6 +116,7 @@ > > def search(options={}) > filter = parse_filter(options[:filter]) || 'objectClass=*' > + p [options[:filter], filter] > attrs = options[:attributes] || [] > scope = ensure_scope(options[:scope]) > base = options[:base] > > > Subnet.find(:all) [[:and, "(unimelbipregsubnetcidr=*)", ["objectClass", "top"], ["objectClass", "unimelbipregsubnetdata"]], "(&(unimelbipregsubnetcidr=*)(objectClass=top)(objectClass=unimelbipregsubnetdata))"] ActiveLdap::RequiredObjectClassMissed: Can't remove required objectClass: unimelbipregsubnetdata from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/object_class.rb:68:in `assert_have_all_required_classes' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/object_class.rb:38:in `assert_object_classes' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/object_class.rb:24:in `replace_class' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/base.rb:1160:in `apply_object_class' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/base.rb:1090:in `initialize_by_ldap_data' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/base.rb:716:in `instantiate_without_callbacks' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/base.rb:715:in `instance_eval' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/base.rb:715:in `instantiate_without_callbacks' from /usr/local/ruby-1.8.6/lib/ruby/gems/1.8/gems/activerecord-1.15.3/lib/active_record/callbacks.rb:204:in `instantiate' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/base.rb:561:in `find_every' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/base.rb:560:in `collect' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/base.rb:560:in `find_every' from /usr/local/ruby-1.8.6/lib/ruby/site_ruby/1.8/active_ldap/base.rb:446:in `find' from (irb):7 -- Iain Pople Systems Interface Technical Lead University of Melbourne From kou at cozmixng.org Fri Jun 15 06:01:20 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Fri, 15 Jun 2007 19:01:20 +0900 (JST) Subject: [Ruby-activeldap-discuss] class names case sensitive In-Reply-To: <4671D475.40201@unimelb.edu.au> References: <466F9B58.6070509@unimelb.edu.au> <20070613.195234.116829286.kou@cozmixng.org> <4671D475.40201@unimelb.edu.au> Message-ID: <20070615.190120.152501716.kou@cozmixng.org> Hi, In <4671D475.40201 at unimelb.edu.au> "Re: [Ruby-activeldap-discuss] class names case sensitive" on Fri, 15 Jun 2007 09:51:17 +1000, Iain Pople wrote: > Kouhei Sutou wrote: > > > > Could you show us the result of 'p Subnet.search'? > > search seems to work fine. It returns an array with all the Subnet > objects. Too long to print: Thanks. I've fixed in trunk. Could you try again? -- kou From ipople at unimelb.edu.au Sun Jun 17 20:24:48 2007 From: ipople at unimelb.edu.au (Iain Pople) Date: Mon, 18 Jun 2007 10:24:48 +1000 Subject: [Ruby-activeldap-discuss] find(:all, '*match') doesn't use filter Message-ID: <4675D0D0.70408@unimelb.edu.au> Hi, I am finding that when i specify find(:all) it always uses a filter of '*'. e.g. user = User.find(:all, '*iain*') performs the following search on the server: SRCH base="ou=people,o=the university of melbourne,c=au" scope=2 filter="(&(uid=*)(objectClass=top)(objectClass=person)(objectClass=unimelbipreg))" Is this the correct behaviour? I expected it to return all results from the following search: filter="(&(uid='*iain*')(objectClass=top)(objectClass=person)(objectClass=unimelbipreg))" thanks, Iain. -- Iain Pople Systems Interface Technical Lead University of Melbourne From kou at cozmixng.org Mon Jun 18 06:34:59 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Mon, 18 Jun 2007 19:34:59 +0900 (JST) Subject: [Ruby-activeldap-discuss] find(:all, '*match') doesn't use filter In-Reply-To: <4675D0D0.70408@unimelb.edu.au> References: <4675D0D0.70408@unimelb.edu.au> Message-ID: <20070618.193459.254927252.kou@cozmixng.org> Hi, In <4675D0D0.70408 at unimelb.edu.au> "[Ruby-activeldap-discuss] find(:all, '*match') doesn't use filter" on Mon, 18 Jun 2007 10:24:48 +1000, Iain Pople wrote: > I am finding that when i specify find(:all) it always uses a filter of '*'. > > e.g. > > user = User.find(:all, '*iain*') > > performs the following search on the server: > > SRCH base="ou=people,o=the university of melbourne,c=au" scope=2 > filter="(&(uid=*)(objectClass=top)(objectClass=person)(objectClass=unimelbipreg))" > > Is this the correct behaviour? I expected it to return all results from > the following search: > > filter="(&(uid='*iain*')(objectClass=top)(objectClass=person)(objectClass=unimelbipreg))" OK. I imported your API improvement idea. Thanks, -- kou From ipople at unimelb.edu.au Mon Jun 18 20:15:35 2007 From: ipople at unimelb.edu.au (Iain Pople) Date: Tue, 19 Jun 2007 10:15:35 +1000 Subject: [Ruby-activeldap-discuss] find(:all, '*match') doesn't use filter In-Reply-To: <20070618.193459.254927252.kou@cozmixng.org> References: <4675D0D0.70408@unimelb.edu.au> <20070618.193459.254927252.kou@cozmixng.org> Message-ID: <46772027.2010001@unimelb.edu.au> Thanks. That's brilliant. Kouhei Sutou wrote: > Hi, > > In <4675D0D0.70408 at unimelb.edu.au> > "[Ruby-activeldap-discuss] find(:all, '*match') doesn't use filter" on Mon, 18 Jun 2007 10:24:48 +1000, > Iain Pople wrote: > >> I am finding that when i specify find(:all) it always uses a filter of '*'. >> >> e.g. >> >> user = User.find(:all, '*iain*') >> >> performs the following search on the server: >> >> SRCH base="ou=people,o=the university of melbourne,c=au" scope=2 >> filter="(&(uid=*)(objectClass=top)(objectClass=person)(objectClass=unimelbipreg))" >> >> Is this the correct behaviour? I expected it to return all results from >> the following search: >> >> filter="(&(uid='*iain*')(objectClass=top)(objectClass=person)(objectClass=unimelbipreg))" > > OK. I imported your API improvement idea. > > Thanks, > -- > kou > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss -- Iain Pople Systems Interface Technical Lead University of Melbourne From christoph.lipp at gmail.com Tue Jun 19 01:42:22 2007 From: christoph.lipp at gmail.com (Christoph Lipp) Date: Tue, 19 Jun 2007 07:42:22 +0200 Subject: [Ruby-activeldap-discuss] Stronger authentication needed, but how can I set a new connection on the object? Message-ID: <907f43920706182242l55de0791p4d062375e2167a60@mail.gmail.com> Hi I'm using ruby-activeldap to build an administration interface for our ldap directory. It's almost finished, but now I've got a big problem. Or perhaps I just don't see the solution. Background: I'm using ruby-activeldap with Rails, hope you guys know it. My Problem: In my environment.rb I have a establish_connection method call, it connects anonymously to our directory. The application has two functionalities: 1. Search the directory, 2. Administrative tasks. Number one doesn't need an authentication but number two does. Now everything's done with anonymous login. Every search and so on. But now, of course, I get some "Stronger authentication" messages 'cause of our ldap settings. That's good, no problem, but somehow I should give a new connection (authenticated with username and password) to the ldap object ? I mean, theres an object, with insufficient rights, but how can I change that? Hope my problem is clear ;) Thanks in advance, Christoph -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ruby-activeldap-discuss/attachments/20070619/57d4baa1/attachment.html From m.zecko at gmail.com Tue Jun 19 10:21:01 2007 From: m.zecko at gmail.com (m.zeckinger) Date: Tue, 19 Jun 2007 16:21:01 +0200 Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: <20070613.201755.161806523.kou@cozmixng.org> References: <8be6656c0706120840n1e7873bao6c832f6bc8e33ff@mail.gmail.com> <8be6656c0706130159g2ab344eayc0e0eadb798b4700@mail.gmail.com> <20070613.201755.161806523.kou@cozmixng.org> Message-ID: <8be6656c0706190721l64dedd22v2917b3b2d5bccc4a@mail.gmail.com> so there was no solution for this? is it an activeldap-bug? thanks, mz On 6/13/07, Kouhei Sutou wrote: > Hi, > > In <8be6656c0706130159g2ab344eayc0e0eadb798b4700 at mail.gmail.com> > "Re: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax" on Wed, 13 Jun 2007 10:59:51 +0200, > m.zeckinger wrote: > > > invalid filter syntax > > (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass=customGroup)) > > Umm... > Do you (or someone) know how to write a filter that include > '=' character in attribute value? Should we escape that? > > > ps: maybe you should apply the patch you sent me to trunk, makes > > debugging easier ;) > > I hope so but I'm not a maintainer of Net::LDAP. :X > > > Thanks, > -- > kou > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > From christoph.lipp at gmail.com Wed Jun 20 02:32:19 2007 From: christoph.lipp at gmail.com (Christoph Lipp) Date: Wed, 20 Jun 2007 08:32:19 +0200 Subject: [Ruby-activeldap-discuss] Stronger authentication needed, but how can I set a new connection on the object? In-Reply-To: <907f43920706182242l55de0791p4d062375e2167a60@mail.gmail.com> References: <907f43920706182242l55de0791p4d062375e2167a60@mail.gmail.com> Message-ID: <907f43920706192332g1fa7036fn1f44cf1ab376584b@mail.gmail.com> Does nobody have a hint? On 6/19/07, Christoph Lipp wrote: > > Hi > > I'm using ruby-activeldap to build an administration interface for our > ldap directory. It's almost finished, but now I've got a big problem. Or > perhaps I just don't see the solution. > > Background: > I'm using ruby-activeldap with Rails, hope you guys know it. > > My Problem: > In my environment.rb I have a establish_connection method call, it > connects anonymously to our directory. > The application has two functionalities: 1. Search the directory, 2. > Administrative tasks. Number one doesn't need an authentication but number > two does. > Now everything's done with anonymous login. Every search and so on. But > now, of course, I get some "Stronger authentication" messages 'cause of our > ldap settings. That's good, no problem, but somehow I should give a new > connection (authenticated with username and password) to the ldap object ? I > mean, theres an object, with insufficient rights, but how can I change that? > > > Hope my problem is clear ;) > > Thanks in advance, > Christoph > > > -- Christoph Lipp Hauptstr. 4 5618 Bettwil Mobil: 0797858932 Home-Tel: 0325104753 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ruby-activeldap-discuss/attachments/20070620/fcae4538/attachment.html From kou at cozmixng.org Wed Jun 20 07:03:49 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 20 Jun 2007 20:03:49 +0900 (JST) Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: <8be6656c0706190721l64dedd22v2917b3b2d5bccc4a@mail.gmail.com> References: <8be6656c0706130159g2ab344eayc0e0eadb798b4700@mail.gmail.com> <20070613.201755.161806523.kou@cozmixng.org> <8be6656c0706190721l64dedd22v2917b3b2d5bccc4a@mail.gmail.com> Message-ID: <20070620.200349.128082994.kou@cozmixng.org> > so there was no solution for this? is it an activeldap-bug? If you tell me a LDAP filter notation that uses "=" and "," in filter value, I'll implement. You can use other LDAP tools like ldapsearch to test LDAP filter notation. Thanks, -- kou > On 6/13/07, Kouhei Sutou wrote: > > Hi, > > > > In <8be6656c0706130159g2ab344eayc0e0eadb798b4700 at mail.gmail.com> > > "Re: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax" on Wed, 13 Jun 2007 10:59:51 +0200, > > m.zeckinger wrote: > > > > > invalid filter syntax > > > (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass=customGroup)) > > > > Umm... > > Do you (or someone) know how to write a filter that include > > '=' character in attribute value? Should we escape that? > > > > > ps: maybe you should apply the patch you sent me to trunk, makes > > > debugging easier ;) > > > > I hope so but I'm not a maintainer of Net::LDAP. :X > > > > > > Thanks, > > -- > > kou > > _______________________________________________ > > Ruby-activeldap-discuss mailing list > > Ruby-activeldap-discuss at rubyforge.org > > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > > > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss From kou at cozmixng.org Wed Jun 20 07:08:01 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 20 Jun 2007 20:08:01 +0900 (JST) Subject: [Ruby-activeldap-discuss] Stronger authentication needed, but how can I set a new connection on the object? In-Reply-To: <907f43920706182242l55de0791p4d062375e2167a60@mail.gmail.com> References: <907f43920706182242l55de0791p4d062375e2167a60@mail.gmail.com> Message-ID: <20070620.200801.227014694.kou@cozmixng.org> Hi, > I'm using ruby-activeldap to build an administration interface for our ldap > directory. It's almost finished, but now I've got a big problem. Or perhaps I > just don't see the solution. > > Background: > I'm using ruby-activeldap with Rails, hope you guys know it. > > My Problem: > In my environment.rb I have a establish_connection method call, it connects > anonymously to our directory. > The application has two functionalities: 1. Search the directory, 2. > Administrative tasks. Number one doesn't need an authentication but number two > does. > Now everything's done with anonymous login. Every search and so on. But now, of > course, I get some "Stronger authentication" messages 'cause of our ldap > settings. That's good, no problem, but somehow I should give a new connection > (authenticated with username and password) to the ldap object ? I mean, theres > an object, with insufficient rights, but how can I change that? I saw a similar question. ActiveLdap supports multiple connections. You can keep a connection per class. There is a simple example in documentation: ==== Juggling multiple LDAP connections In the same vein as the last tip, you can use multiple LDAP connections by per class as follows: irb> anon_class = Class.new(Base) => ... irb> anon_class.establish_connection => ... irb> auth_class = Class.new(Base) => ... irb> auth_class.establish_connection(:password_block => {'mypass'}) => ... This can be useful for doing authentication tests and other such tricks. m.zeckinger's example code that was showed a week ago will help you too. Thanks, -- kou From kou at cozmixng.org Wed Jun 20 07:15:48 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 20 Jun 2007 20:15:48 +0900 (JST) Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: <20070620.200349.128082994.kou@cozmixng.org> References: <20070613.201755.161806523.kou@cozmixng.org> <8be6656c0706190721l64dedd22v2917b3b2d5bccc4a@mail.gmail.com> <20070620.200349.128082994.kou@cozmixng.org> Message-ID: <20070620.201548.69785362.kou@cozmixng.org> > > so there was no solution for this? is it an activeldap-bug? > > If you tell me a LDAP filter notation that uses "=" and "," > in filter value, I'll implement. You can use other LDAP > tools like ldapsearch to test LDAP filter notation. I think we should escape "=" and "," in the LDAP filter: (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass=customGroup)) But I don't know how to do that. Or my expectation is wrong. Thanks, -- kou > > On 6/13/07, Kouhei Sutou wrote: > > > Hi, > > > > > > In <8be6656c0706130159g2ab344eayc0e0eadb798b4700 at mail.gmail.com> > > > "Re: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax" on Wed, 13 Jun 2007 10:59:51 +0200, > > > m.zeckinger wrote: > > > > > > > invalid filter syntax > > > > (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass=customGroup)) > > > > > > Umm... > > > Do you (or someone) know how to write a filter that include > > > '=' character in attribute value? Should we escape that? > > > > > > > ps: maybe you should apply the patch you sent me to trunk, makes > > > > debugging easier ;) > > > > > > I hope so but I'm not a maintainer of Net::LDAP. :X > > > > > > > > > Thanks, > > > -- > > > kou > > > _______________________________________________ > > > Ruby-activeldap-discuss mailing list > > > Ruby-activeldap-discuss at rubyforge.org > > > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > > > > > _______________________________________________ > > Ruby-activeldap-discuss mailing list > > Ruby-activeldap-discuss at rubyforge.org > > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss From christoph.lipp at gmail.com Wed Jun 20 07:23:59 2007 From: christoph.lipp at gmail.com (Christoph Lipp) Date: Wed, 20 Jun 2007 13:23:59 +0200 Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: <20070620.201548.69785362.kou@cozmixng.org> References: <20070613.201755.161806523.kou@cozmixng.org> <8be6656c0706190721l64dedd22v2917b3b2d5bccc4a@mail.gmail.com> <20070620.200349.128082994.kou@cozmixng.org> <20070620.201548.69785362.kou@cozmixng.org> Message-ID: <907f43920706200423p72c0e6f6ua1726dd31c50aa15@mail.gmail.com> On 6/20/07, Kouhei Sutou wrote: > > > > so there was no solution for this? is it an activeldap-bug? > > > > If you tell me a LDAP filter notation that uses "=" and "," > > in filter value, I'll implement. You can use other LDAP > > tools like ldapsearch to test LDAP filter notation. > > I think we should escape "=" and "," in the LDAP filter: > > (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass=customGroup)) To esacpe the "=" character use \3D. Example: uid==test would be uid=\3Dtest. But I didn't find a complete list with all special characters... works with OpenLDAP. But I don't know how to do that. Or my expectation is wrong. > > Thanks, > -- > kou > > > > On 6/13/07, Kouhei Sutou wrote: > > > > Hi, > > > > > > > > In <8be6656c0706130159g2ab344eayc0e0eadb798b4700 at mail.gmail.com> > > > > "Re: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: > invalid filter syntax" on Wed, 13 Jun 2007 10:59:51 +0200, > > > > m.zeckinger wrote: > > > > > > > > > invalid filter syntax > > > > > > (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass=customGroup)) > > > > > > > > Umm... > > > > Do you (or someone) know how to write a filter that include > > > > '=' character in attribute value? Should we escape that? > > > > > > > > > ps: maybe you should apply the patch you sent me to trunk, makes > > > > > debugging easier ;) > > > > > > > > I hope so but I'm not a maintainer of Net::LDAP. :X > > > > > > > > > > > > Thanks, > > > > -- > > > > kou > > > > _______________________________________________ > > > > Ruby-activeldap-discuss mailing list > > > > Ruby-activeldap-discuss at rubyforge.org > > > > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > > > > > > > _______________________________________________ > > > Ruby-activeldap-discuss mailing list > > > Ruby-activeldap-discuss at rubyforge.org > > > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > > _______________________________________________ > > Ruby-activeldap-discuss mailing list > > Ruby-activeldap-discuss at rubyforge.org > > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ruby-activeldap-discuss/attachments/20070620/ba899862/attachment-0001.html From kou at cozmixng.org Wed Jun 20 07:37:13 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 20 Jun 2007 20:37:13 +0900 (JST) Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: <907f43920706200423p72c0e6f6ua1726dd31c50aa15@mail.gmail.com> References: <20070620.200349.128082994.kou@cozmixng.org> <20070620.201548.69785362.kou@cozmixng.org> <907f43920706200423p72c0e6f6ua1726dd31c50aa15@mail.gmail.com> Message-ID: <20070620.203713.187154596.kou@cozmixng.org> Hi, > On 6/20/07, Kouhei Sutou wrote: > > > > so there was no solution for this? is it an activeldap-bug? > > > > If you tell me a LDAP filter notation that uses "=" and "," > > in filter value, I'll implement. You can use other LDAP > > tools like ldapsearch to test LDAP filter notation. > > I think we should escape "=" and "," in the LDAP filter: > (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass > =customGroup)) > > To esacpe the "=" character use \3D. Example: uid==test would be uid=\3Dtest. > But I didn't find a complete list with all special characters... works with > OpenLDAP. Thanks! But I notice that we need to escape "=" and ",". We can use them without escaping. m.zeckinger, is your LdapGroup really have DN value in member field? Your definition of LdapGroup is the following: class LdapGroup < ActiveLdap::Base ldap_mapping :dn_attribute => "cn", :classes => ['top','customGroup'], :prefix => "ou=Groups" has_many :members, :class => "LdapUser", :wrap => "member" end If your LdapGroup's "member" has DN values of LdapUser, you need to add ':primary_key => "dn"' option: has_many :members, :class => "LdapUser", :wrap => "member", :primary_key => "dn" Thanks, -- kou From kou at cozmixng.org Wed Jun 20 07:39:36 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 20 Jun 2007 20:39:36 +0900 (JST) Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: <20070620.203713.187154596.kou@cozmixng.org> References: <20070620.201548.69785362.kou@cozmixng.org> <907f43920706200423p72c0e6f6ua1726dd31c50aa15@mail.gmail.com> <20070620.203713.187154596.kou@cozmixng.org> Message-ID: <20070620.203936.37612309.kou@cozmixng.org> > > On 6/20/07, Kouhei Sutou wrote: > > > > > > so there was no solution for this? is it an activeldap-bug? > > > > > > If you tell me a LDAP filter notation that uses "=" and "," > > > in filter value, I'll implement. You can use other LDAP > > > tools like ldapsearch to test LDAP filter notation. > > > > I think we should escape "=" and "," in the LDAP filter: > > (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass > > =customGroup)) > > > > To esacpe the "=" character use \3D. Example: uid==test would be uid=\3Dtest. > > But I didn't find a complete list with all special characters... works with > > OpenLDAP. > > Thanks! But I notice that we need to escape "=" and ",". We > can use them without escaping. Yes, we can use "\3D" to escape "=". ..OK I'll always escape "=". Christoph, thanks! -- kou From kou at cozmixng.org Wed Jun 20 08:02:09 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 20 Jun 2007 21:02:09 +0900 (JST) Subject: [Ruby-activeldap-discuss] problems with 0.8.2 and net-ldap: invalid filter syntax In-Reply-To: <20070620.203936.37612309.kou@cozmixng.org> References: <907f43920706200423p72c0e6f6ua1726dd31c50aa15@mail.gmail.com> <20070620.203713.187154596.kou@cozmixng.org> <20070620.203936.37612309.kou@cozmixng.org> Message-ID: <20070620.210209.73772388.kou@cozmixng.org> > > > > > so there was no solution for this? is it an activeldap-bug? > > > > > > > > If you tell me a LDAP filter notation that uses "=" and "," > > > > in filter value, I'll implement. You can use other LDAP > > > > tools like ldapsearch to test LDAP filter notation. > > > > > > I think we should escape "=" and "," in the LDAP filter: > > > (&(member=uid=z3cko,ou=users,dc=p1ng,dc=net)(objectClass=top)(objectClass > > > =customGroup)) > > > > > > To esacpe the "=" character use \3D. Example: uid==test would be uid=\3Dtest. > > > But I didn't find a complete list with all special characters... works with > > > OpenLDAP. > > > > Thanks! But I notice that we need to escape "=" and ",". We > > can use them without escaping. > > Yes, we can use "\3D" to escape "=". > ..OK I'll always escape "=". But Net::LDAP's filter parser can't accept "\XX" syntax. This is a bug of Net::LDAP not ActiveLdap. I've sent a patch to fix the bug to the maintainer of Net::LDAP. Thanks, -- kou From christoph.lipp at gmail.com Thu Jun 21 02:08:56 2007 From: christoph.lipp at gmail.com (Christoph Lipp) Date: Thu, 21 Jun 2007 08:08:56 +0200 Subject: [Ruby-activeldap-discuss] Stronger authentication needed, but how can I set a new connection on the object? In-Reply-To: <20070620.200801.227014694.kou@cozmixng.org> References: <907f43920706182242l55de0791p4d062375e2167a60@mail.gmail.com> <20070620.200801.227014694.kou@cozmixng.org> Message-ID: <907f43920706202308q17d908c9h9178f26b8bd9a5e9@mail.gmail.com> Hi thanks a lot for your reply. But it didn't work somehow. Now I make something like this: def authenticated_user_class u_class = User.clone u_class.establish_connection(get_ldap_config) return u_class end private # Get authenticated ldap config def get_ldap_config config = ActiveLdap::Base.configuration config[:bind_dn] = User.find(session[:user].to_s).dn config[:password_block] = Proc.new { session[:password].to_s } config[:allow_anonymous] = false return config end So every time I have to change something on a user I use authenticated_user_class. Example: me = authenticated_user_class.find('d7lippc') The rest is all the same, me.givenName, me.sn etc. That works for me. Thanks and regards, Christoph On 6/20/07, Kouhei Sutou wrote: > > Hi, > > > I'm using ruby-activeldap to build an administration interface for our > ldap > > directory. It's almost finished, but now I've got a big problem. Or > perhaps I > > just don't see the solution. > > > > Background: > > I'm using ruby-activeldap with Rails, hope you guys know it. > > > > My Problem: > > In my environment.rb I have a establish_connection method call, it > connects > > anonymously to our directory. > > The application has two functionalities: 1. Search the directory, 2. > > Administrative tasks. Number one doesn't need an authentication but > number two > > does. > > Now everything's done with anonymous login. Every search and so on. But > now, of > > course, I get some "Stronger authentication" messages 'cause of our ldap > > settings. That's good, no problem, but somehow I should give a new > connection > > (authenticated with username and password) to the ldap object ? I mean, > theres > > an object, with insufficient rights, but how can I change that? > > I saw a similar question. ActiveLdap supports multiple > connections. You can keep a connection per class. There is a > simple example in documentation: > > ==== Juggling multiple LDAP connections > > In the same vein as the last tip, you can use multiple LDAP connections > by > per class as follows: > > irb> anon_class = Class.new(Base) > => ... > irb> anon_class.establish_connection > => ... > irb> auth_class = Class.new(Base) > => ... > irb> auth_class.establish_connection(:password_block => {'mypass'}) > => ... > > This can be useful for doing authentication tests and other such tricks. > > > m.zeckinger's example code that was showed a week ago will > help you too. > > > Thanks, > -- > kou > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ruby-activeldap-discuss/attachments/20070621/6201136e/attachment.html From christoph.lipp at gmail.com Fri Jun 22 02:06:35 2007 From: christoph.lipp at gmail.com (Christoph Lipp) Date: Fri, 22 Jun 2007 08:06:35 +0200 Subject: [Ruby-activeldap-discuss] find(sort_by, order) behaviour Message-ID: <907f43920706212306i18094a50g12cf0d294f1d5cd5@mail.gmail.com> Hi all I've got a problem with this: User.find(:all, :sort_by => 'cn', :order => 'asc') It works fine, but the output is a bit strange: Andros Customersupport Human Resources IPC 2. Level Support Jobs Spareparts Support Customer Support HCOM WDS Marketin itas Is somebody able to explain me why itas is at the last position? Thanks, Christoph -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ruby-activeldap-discuss/attachments/20070622/e1355048/attachment.html From kou at cozmixng.org Fri Jun 22 02:22:39 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Fri, 22 Jun 2007 15:22:39 +0900 Subject: [Ruby-activeldap-discuss] find(sort_by, order) behaviour In-Reply-To: <907f43920706212306i18094a50g12cf0d294f1d5cd5@mail.gmail.com> References: <907f43920706212306i18094a50g12cf0d294f1d5cd5@mail.gmail.com> Message-ID: Hi, 2007/6/22, Christoph Lipp : > It works fine, but the output is a bit strange: > > Andros > Customersupport > Human Resources > IPC 2. Level Support > Jobs > Spareparts > Support Customer > Support HCOM > WDS Marketin > itas > > > Is somebody able to explain me why itas is at the last position? % ruby -e 'p "A"[0]; p "i"[0]' 65 105 % ruby -e 'p ["A", "i", "Z", "z"].sort' ["A", "Z", "i", "z"] Thanks, -- kou From christoph.lipp at gmail.com Fri Jun 22 02:55:44 2007 From: christoph.lipp at gmail.com (Christoph Lipp) Date: Fri, 22 Jun 2007 08:55:44 +0200 Subject: [Ruby-activeldap-discuss] find(sort_by, order) behaviour In-Reply-To: References: <907f43920706212306i18094a50g12cf0d294f1d5cd5@mail.gmail.com> Message-ID: <907f43920706212355w21d975ady59bfeb08909aff64@mail.gmail.com> Alright! Thanks, kou. On 6/22/07, Kouhei Sutou wrote: > > Hi, > > 2007/6/22, Christoph Lipp : > > > It works fine, but the output is a bit strange: > > > > Andros > > Customersupport > > Human Resources > > IPC 2. Level Support > > Jobs > > Spareparts > > Support Customer > > Support HCOM > > WDS Marketin > > itas > > > > > > Is somebody able to explain me why itas is at the last position? > > % ruby -e 'p "A"[0]; p "i"[0]' > 65 > 105 > % ruby -e 'p ["A", "i", "Z", "z"].sort' > ["A", "Z", "i", "z"] > > Thanks, > -- > kou > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ruby-activeldap-discuss/attachments/20070622/14c67f2f/attachment.html From automatthew at gmail.com Tue Jun 26 17:35:28 2007 From: automatthew at gmail.com (Matthew King) Date: Tue, 26 Jun 2007 16:35:28 -0500 Subject: [Ruby-activeldap-discuss] Redefining eql? and hash to make uniq work Message-ID: <8C06F15D-B7D7-40BD-ADA5-210679A627C2@gmail.com> ActiveLdap::Base currently redefines ==, eql?, and hash in the same manner as ActiveRecord::Base and for the same reason: to make Ruby accept that two objects of the same type and dn are the same object. I naively assumed that this would work with records retrieved using belongs_to associations, but it doesn't appear to. Monkeypatching ActiveLdap::Association::Proxy with the redefinitions seems to work, but I'm not sure whether this is a dumb thing to do. From bugnthecode at gmail.com Tue Jun 26 18:40:00 2007 From: bugnthecode at gmail.com (Will Smith) Date: Tue, 26 Jun 2007 15:40:00 -0700 Subject: [Ruby-activeldap-discuss] Rails integration Message-ID: Hi all, I've recently discovered Active Ldap, and have been experimenting with it for a few days. I have gotten connections into my ldap server, and can perform queries, and all thing necessary. Now that I am trying to integrate this with Rails, I'm getting an error. The error happens the first time I call a class level method on an extension (class that extends ActiveLdap::Base). The error is an ActiveLdap::ConnectionError and has this text "development connection is not configured". I did some searching and saw some mention of a file that goes in config/ called ldap.yml which should define connection information, but even after setting this file up, it still would not connect. The stack trace is as follows: C:/ruby/lib/ruby/gems/1.8/gems/ruby-activeldap-0.8.2/lib/active_ldap/configuration.rb:59:in `ensure_configuration' C:/ruby/lib/ruby/gems/1.8/gems/ruby-activeldap-0.8.2/lib/active_ldap/connection.rb:99:in `establish_connection' C:/ruby/lib/ruby/gems/1.8/gems/ruby-activeldap-0.8.2/lib/active_ldap/base.rb:248:in `establish_connection' Originally when developing my little module I let it use the defaults in my configuration.rb file that is setup when you install active ldap. Any help is greatly appreciated. Thanks, Will -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ruby-activeldap-discuss/attachments/20070626/c79dd9d1/attachment.html From christoph.lipp at gmail.com Wed Jun 27 01:21:54 2007 From: christoph.lipp at gmail.com (Christoph Lipp) Date: Wed, 27 Jun 2007 07:21:54 +0200 Subject: [Ruby-activeldap-discuss] Rails integration In-Reply-To: References: Message-ID: <907f43920706262221wd4ce7dq3cd91e1f4dd1024d@mail.gmail.com> Hi Will If you get the source code from http://code.google.com/p/ruby-activeldap/source then you've got a folder called rails/plugin/active_ldap . Copy the active_ldap directory into the vendor/plugins directory. There's an init.rb file, which reads the config/ldap.yml and calls the establish_connection method. Best regards, Christoph On 6/27/07, Will Smith wrote: > > Hi all, I've recently discovered Active Ldap, and have been experimenting > with it for a few days. I have gotten connections into my ldap server, and > can perform queries, and all thing necessary. Now that I am trying to > integrate this with Rails, I'm getting an error. The error happens the first > time I call a class level method on an extension (class that extends > ActiveLdap::Base). The error is an ActiveLdap::ConnectionError and has this > text "development connection is not configured". I did some searching and > saw some mention of a file that goes in config/ called ldap.yml which > should define connection information, but even after setting this file up, > it still would not connect. > > The stack trace is as follows: > > C:/ruby/lib/ruby/gems/1.8/gems/ruby-activeldap-0.8.2/lib/active_ldap/configuration.rb:59:in `ensure_configuration' > C:/ruby/lib/ruby/gems/1.8/gems/ruby-activeldap-0.8.2/lib/active_ldap/connection.rb:99:in `establish_connection' > > C:/ruby/lib/ruby/gems/1.8/gems/ruby-activeldap-0.8.2/lib/active_ldap/base.rb:248:in `establish_connection' > > > Originally when developing my little module I let it use the defaults in > my configuration.rb file that is setup when you install active ldap. > > Any help is greatly appreciated. > Thanks, > Will > > _______________________________________________ > Ruby-activeldap-discuss mailing list > Ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > > -- Christoph Lipp Hauptstr. 4 5618 Bettwil Mobil: 0797858932 Home-Tel: 0325104753 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/ruby-activeldap-discuss/attachments/20070627/5f3b156d/attachment.html From kou at cozmixng.org Wed Jun 27 08:11:28 2007 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 27 Jun 2007 21:11:28 +0900 (JST) Subject: [Ruby-activeldap-discuss] Redefining eql? and hash to make uniq work In-Reply-To: <8C06F15D-B7D7-40BD-ADA5-210679A627C2@gmail.com> References: <8C06F15D-B7D7-40BD-ADA5-210679A627C2@gmail.com> Message-ID: <20070627.211128.120286511.kou@cozmixng.org> Hi, In <8C06F15D-B7D7-40BD-ADA5-210679A627C2 at gmail.com> "[Ruby-activeldap-discuss] Redefining eql? and hash to make uniq work" on Tue, 26 Jun 2007 16:35:28 -0500, Matthew King wrote: > ActiveLdap::Base currently redefines ==, eql?, and hash in the same > manner as ActiveRecord::Base and for the same reason: to make Ruby > accept that two objects of the same type and dn are the same object. > > I naively assumed that this would work with records retrieved using > belongs_to associations, but it doesn't appear to. > > Monkeypatching ActiveLdap::Association::Proxy with the redefinitions > seems to work, but I'm not sure whether this is a dumb thing to do. You can use proxy_object === real_object or proxy_object.target == real_object for that. I think it's a bit strange that proxy_object == real_object is true. Yes, I think proxy object should be transparent as much as possible too but an proxy object's equality should be done for the proxy object not for target object of proxy object. I think using '===' is the best solution for your case. Thanks, -- kou