[Ruby-activeldap-discuss] Problem with multiple LDAP connections on Rails.

Richard 3 Nicholas NICHOLR3 at uk.ibm.com
Fri Feb 8 06:51:50 EST 2008 

Development...

Processing UserController#search (for 127.0.0.1 at 2008-02-08 11:25:03) 
[POST]
  Session ID: 
BAh7CDoMY3NyZl9pZCIlOWI5ZTc0Zjk1OTJmMTM1OGExMDk0YTU3MjlkMjFm%0ANTQ6D2xhc3RzZWFyY2giDFJpY2hhcmQiCmZsYXNoSUM6J0FjdGlvbkNvbnRy%0Ab2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%3D--db7f5afe3f0186f2a3e490cf7803b9604bdadd63
  Parameters: 
{"authenticity_token"=>"75338acb88e3d914a3d67bd67f73e053d471bd55", 
"action"=>"search", "search_name"=>"Richard G N", "controller"=>"user"}
Attempting to reconnect
Bound by simple as cn=REDACTED,ou=REDACTED,o=REDACTED
Rendered user/_search_results (0.01600)
Completed in 5.50800 (0 reqs/sec) | Rendering: 0.01600 (0%) | 200 OK 
[http://127.0.0.1/user/search]


Processing UserController#show (for 127.0.0.1 at 2008-02-08 11:25:17) 
[GET]
  Session ID: 
BAh7CDoMY3NyZl9pZCIlOWI5ZTc0Zjk1OTJmMTM1OGExMDk0YTU3MjlkMjFm%0ANTQ6D2xhc3RzZWFyY2giEFJpY2hhcmQgRyBOIgpmbGFzaElDOidBY3Rpb25D%0Ab250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--75a55a1b08a4362680ab558884bb3fa0c8094443
  Parameters: {"action"=>"show", "id"=>"1125523043671", 
"controller"=>"user"}
Attempting to reconnect
Bound by simple as cn=REDACTED,ou=REDACTED,o=REDACTED
Attempting to reconnect
Bound by simple as cn=REDACTED,ou=REDACTED,o=REDACTED
Rendering template within layouts/user
Rendering user/show
Completed in 12.32100 (0 reqs/sec) | Rendering: 1.02300 (8%) | 200 OK 
[http://127.0.0.1/user/show/1125523043671]

Same code, same searches in production mode:

Processing UserController#search (for 127.0.0.1 at 2008-02-08 11:26:36) 
[POST]
  Session ID: 
BAh7CDoMY3NyZl9pZCIlOWI5ZTc0Zjk1OTJmMTM1OGExMDk0YTU3MjlkMjFm%0ANTQ6D2xhc3RzZWFyY2giEFJpY2hhcmQgRyBOIgpmbGFzaElDOidBY3Rpb25D%0Ab250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--75a55a1b08a4362680ab558884bb3fa0c8094443
  Parameters: 
{"authenticity_token"=>"75338acb88e3d914a3d67bd67f73e053d471bd55", 
"action"=>"search", "search_name"=>"Richard G N", "controller"=>"user"}
Bound by simple as cn=REDACTED,ou=REDACTED,o=REDACTED
Completed in 4.97200 (0 reqs/sec) | Rendering: 0.00000 (0%) | 200 OK 
[http://127.0.0.1/user/search]

Processing UserController#show (for 127.0.0.1 at 2008-02-08 11:26:47) 
[GET]
  Session ID: 
BAh7CDoMY3NyZl9pZCIlOWI5ZTc0Zjk1OTJmMTM1OGExMDk0YTU3MjlkMjFm%0ANTQ6D2xhc3RzZWFyY2giEFJpY2hhcmQgRyBOIgpmbGFzaElDOidBY3Rpb25D%0Ab250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--75a55a1b08a4362680ab558884bb3fa0c8094443
  Parameters: {"action"=>"show", "id"=>"1125523043671", 
"controller"=>"user"}
Bound by simple as cn=REDACTED,ou=REDACTED,o=REDACTED
Ignore error ActiveLdap::LdapError::NoSuchObject(No Such Object): filter 
(&(uid=1125523043671)(objectClass=top)): attributes: []
Rendering template within layouts/user
Rendering user/show
Ignore error ActiveLdap::LdapError::NoSuchObject(No Such Object): filter 
(&(uid=1125523043671)(objectClass=top)): attributes: []
Completed in 0.78700 (1 reqs/sec) | Rendering: 0.09400 (11%) | 200 OK 
[http://127.0.0.1/user/show/1125523043671]

I've obscured the user names, but the same account path + password is used 
for binding across both trees, so seeing the usernames doesn't tell you 
anything.

At a guess the issue is to do with the two binds in development vs. one 
bind in production.   Ideally I'd like to leave both connections bound all 
the time for performance reasons though.  I think the IvaultUser search is 
being run against the MetaUser binding.

Basically what is happening is 1st I'm looking up my name in a list, then 
clicking through to get details of my ID (uid=1125523043671)  What I see 
on screen in Rails production mode are my details from MetaUser and 
nothing from IvaultUser.  In Development mode I see the full details.   I 
have the exactly the same problem as when the binds were in 
/vendor/plugins/active_ldap/init.rb ....

  ActiveLdap::Base.establish_connection
  MetaUser.establish_connection( "meta_#{RAILS_ENV}" )

Richard Nicholas

PS A word of warning for anybody who wants to use Net::LDAP The filter 
checking is very broken.  It rejects most of the sample LDAP searches in 
the LDAP Filter RFC.





Kouhei Sutou <kou at cozmixng.org> 
Sent by: ruby-activeldap-discuss-bounces at rubyforge.org
08/02/2008 10:48

To
ruby-activeldap-discuss at rubyforge.org
cc

Subject
Re: [Ruby-activeldap-discuss] Problem with multiple LDAP connections on 
Rails.






Hi,

In <OFC349B9EF.5D099441-ON802573E8.004B9F45-802573E8.00527CC9 at uk.ibm.com>
  "Re: [Ruby-activeldap-discuss] Problem with multiple LDAP connections on 
Rails." on Thu, 7 Feb 2008 15:00:57 +0000,
  Richard 3 Nicholas <NICHOLR3 at uk.ibm.com> wrote:

> 
> OK. It is best that I explain the problem we are trying to solve.  We 
have a
> directory called Meta that contains an entry every user in a 
organisation. One
> user object to one living breathing person.  We have a directory called 
iVault,
> which has one user account for every account (linked via Novell dirxml) 
on
> every other computer system in the organisation.   The accounts are 
linked
> together by having the iVault UID set to match the Meta UID.   The idea 
is that
> we look at somebody and read off his or her computer accounts by using
> @user.accounts
> 
> A sample of the calling code:
> 
> <em>User name</em><br/>
> <b><%= @user.cn %></b><br/>
> <em>Linked accounts</em><br/>
> <table width="95%">
> <% @user.accounts.each do |acc| -%>
>   <tr>
>     <td width = "15%"><b><%= h acc.cn %></b></td>
>    <td width = "15%"><b><%= h acc.ou %></b></td>
>   </tr>
> <% end -%>
> </table>

Thanks for details.
Could you show us what error is caused by the above code?


Thanks,
--
kou
_______________________________________________
Ruby-activeldap-discuss mailing list
Ruby-activeldap-discuss at rubyforge.org
http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss







Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://rubyforge.org/pipermail/ruby-activeldap-discuss/attachments/20080208/12cd1dcd/attachment-0001.html

More information about the Ruby-activeldap-discuss mailing list