From thermans at gmail.com Mon Apr 6 13:27:52 2009 From: thermans at gmail.com (Tim Hermans) Date: Mon, 6 Apr 2009 13:27:52 -0400 Subject: [activeldap-discuss] unknown objectClass: what am I doing wrong? Message-ID: <4ebad96b0904061027l3ef8bd30g2c74579ac271d97c@mail.gmail.com> I think I'm doing something wrong. Can you help? I get "ActiveLdap::ObjectClassError" on a simple find, even though the classes in my ldap_mapping are all present in the schema. Here's my LDAP tree: DSE root: cn=admin root cn=site umpn=1.555.5550001 objectclass: top objectclass: umphone objectclass: umphonenumber umivrflow: orion umivrvariant: testing umpn: 1.999.9998887 umpnstatus: A umpntype: P Here's the model: class Group < ActiveLdap::Base ldap_mapping :dn_attribute => "umpn", :prefix => "", :classes => ['top', 'umphone', 'umphonenumber'] end Here's the ldap.yml: development: host: ldaphost port: 389 base: cn=site,cn=admin root bind_dn: cn=root password: passwd And here's the backtrace from my console >> Group.find('1.555.5550001').collect ActiveLdap::ObjectClassError: unknown objectClass in LDAP server: top, umphone, umphonenumber from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/object_class.rb:69:in `assert_valid_object_class_value' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/object_class.rb:44:in `assert_object_classes' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/object_class.rb:29:in `classes=' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/base.rb:1109:in `initialize_by_ldap_data' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/base.rb:598:in `instantiate_without_callbacks' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/base.rb:597:in `instance_eval' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/base.rb:597:in `instantiate_without_callbacks' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/callbacks.rb:29:in `instantiate' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/operations.rb:239:in `find_every' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/operations.rb:238:in `collect' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/operations.rb:238:in `find_every' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/operations.rb:217:in `find_initial' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/operations.rb:278:in `find_one' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/operations.rb:265:in `find_from_dns' from /home/tim/src/targets/vendor/plugins/activeldap-trunk/lib/active_ldap/operations.rb:211:in `find' from (irb):4 >> As I said, "top", "umphone", and "umphonenumber" are all valid objectclasses in my schema. What am I doing wrong? BTW, I'm using rails 2.3.2, and activeldap-trunk (1.1.0). Thanks! Tim -------------- next part -------------- An HTML attachment was scrubbed... URL: From kou at cozmixng.org Tue Apr 7 07:41:25 2009 From: kou at cozmixng.org (Kouhei Sutou) Date: Tue, 07 Apr 2009 20:41:25 +0900 (JST) Subject: [activeldap-discuss] unknown objectClass: what am I doing wrong? In-Reply-To: <4ebad96b0904061027l3ef8bd30g2c74579ac271d97c@mail.gmail.com> References: <4ebad96b0904061027l3ef8bd30g2c74579ac271d97c@mail.gmail.com> Message-ID: <20090407.204125.886714142522415911.kou@cozmixng.org> Hi, In <4ebad96b0904061027l3ef8bd30g2c74579ac271d97c at mail.gmail.com> "[activeldap-discuss] unknown objectClass: what am I doing wrong?" on Mon, 6 Apr 2009 13:27:52 -0400, Tim Hermans wrote: > I think I'm doing something wrong.? Can you help?? I get > "ActiveLdap::ObjectClassError" on a simple find, even though the classes in my > ldap_mapping are all present in the schema. > > Here's my LDAP tree: > > DSE root: > ??????????????? cn=admin root > ??????????????????????????????????????? cn=site > ??????????????????????????????????????????????????? umpn=1.555.5550001 > ??????????????????????????????????????????????????? objectclass: top > ??????????????????????????????????????????????????? objectclass: umphone > ??????????????????????????????????????????????????? objectclass: umphonenumber > ??????????????????????????????????????????????????? umivrflow: orion > ??????????????????????????????????????????????????? umivrvariant: testing > ??????????????????????????????????????????????????? umpn: 1.999.9998887 > ??????????????????????????????????????????????????? umpnstatus: A > ??????????????????????????????????????????????????? umpntype: P > > Here's the model: > > class Group < ActiveLdap::Base > ? ldap_mapping :dn_attribute => "umpn", > ?????????????? :prefix => "", > ?????????????? :classes => ['top', 'umphone', 'umphonenumber'] > end > > Here's the ldap.yml: > > development: > ?? host: ldaphost > ?? port: 389 > ?? base: cn=site,cn=admin root > ?? bind_dn: cn=root > ?? password: passwd > > And here's the backtrace from my console > >>> Group.find('1.555.5550001').collect > ActiveLdap::ObjectClassError: unknown objectClass in LDAP server: top, umphone, > umphonenumber It seems that ActiveLdap fails to retrieve LDAP schema or parsing retrieved LDAP schema. Now, I've added ActiveLdap::Schema#dump method in trunk. Could you show me your schema? % script/console >> ActiveLdap::Base.schema("/tmp/schema.rb") >> exit /tmp/schema.rb contains your schema. If your schema contains secret information, please send it just me or hide the information. Thanks, -- kou From thermans at gmail.com Thu Apr 9 19:10:46 2009 From: thermans at gmail.com (Tim Hermans) Date: Thu, 9 Apr 2009 19:10:46 -0400 Subject: [activeldap-discuss] unknown objectClass: what am I doing wrong? In-Reply-To: <20090410.001151.1000278277078396670.kou@cozmixng.org> References: <4ebad96b0904080722n5f2fbe07tb861018cf1b9ebfa@mail.gmail.com> <20090408.234257.142076768360024192.kou@cozmixng.org> <4ebad96b0904080845j1cea03f1me332f292afa08418@mail.gmail.com> <20090410.001151.1000278277078396670.kou@cozmixng.org> Message-ID: <4ebad96b0904091610p6940c67ak71a5a4e67c8ce2a8@mail.gmail.com> Thanks again for your help Kou. I am cc'ing the list just so you are not the only one to see my problems :-) Now you will see that I get "ActiveLdap::UnknownAttribute: umpn is unknown attribute" when I do a simple find. "umpn" is a valid attribute in my schema. Here you see my console output: http://gist.github.com/92801 Here is the development log: http://gist.github.com/92803 The backtrace that says "Reconnect to server failed: can't set LDAP protocol version after bind" seems to be just a warning, as it continues on afterwards, and I don't see any console output. Interestingly, the original search seems to have returned quickly and successfully from the server. It's a little cryptic, but here is the LDAP server log of the entire transaction: http://gist.github.com/92805 You will see in line 6 that the result of the search (on line 5) comes back succesfully: "nentries=1" The schema searches log as "FAILED" in the "development.log" but they were actually successful as far as the server was concerned. See lines 15 and 30 of the server log. And ldapsearch on the command line proves this: http://gist.github.com/92810 So I'm not sure what's going on. Regards, Tim P.S. You will also notice that the entire transaction takes almost 2 minutes to complete (the second field in the server log is the timestamp HHMMSSnnn) I wonder why that is? On Thu, Apr 9, 2009 at 11:11 AM, Kouhei Sutou wrote: > Hi, > > > I no longer get that error. But now I get the following: > > (I hope) I've fixed it in trunk. > > Thanks, > -- > kou > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kou at cozmixng.org Sat Apr 11 02:54:16 2009 From: kou at cozmixng.org (Kouhei Sutou) Date: Sat, 11 Apr 2009 15:54:16 +0900 (JST) Subject: [activeldap-discuss] unknown objectClass: what am I doing wrong? In-Reply-To: <4ebad96b0904091610p6940c67ak71a5a4e67c8ce2a8@mail.gmail.com> References: <4ebad96b0904080845j1cea03f1me332f292afa08418@mail.gmail.com> <20090410.001151.1000278277078396670.kou@cozmixng.org> <4ebad96b0904091610p6940c67ak71a5a4e67c8ce2a8@mail.gmail.com> Message-ID: <20090411.155416.782174629573844530.kou@cozmixng.org> Hi, In <4ebad96b0904091610p6940c67ak71a5a4e67c8ce2a8 at mail.gmail.com> "Re: [activeldap-discuss] unknown objectClass: what am I doing wrong?" on Thu, 9 Apr 2009 19:10:46 -0400, Tim Hermans wrote: > Thanks again for your help Kou.? I am cc'ing the list just so you are not the > only one to see my problems :-) > > Now you will see that I get "ActiveLdap::UnknownAttribute: umpn is unknown > attribute" when I do a simple find.? "umpn" is a valid attribute in my schema. > > Here you see my console output:? http://gist.github.com/92801 > > Here is the development log: http://gist.github.com/92803 > > The backtrace that says "Reconnect to server failed: can't set LDAP protocol > version after bind" seems to be just a warning, as it continues on afterwards, > and I don't see any console output. It's strange that unbind is occurred in each operation. I may have fixed it in trunk. > Interestingly, the original search seems to have returned quickly and > successfully from the server.? It's a little cryptic, but here is the LDAP > server log of the entire transaction: http://gist.github.com/92805 > > You will see in line 6 that the result of the search (on line 5) comes back > succesfully: "nentries=1" > > The schema searches log as "FAILED" in the "development.log" but they were > actually successful as far as the server was concerned. See lines 15 and 30 of > the server log. > > And ldapsearch on the command line proves this:? http://gist.github.com/92810 Are you setting timeout? It may not work well. Could you try without timeout configuration? > P.S.? You will also notice that the entire transaction takes almost 2 minutes > to complete (the second field in the server log is the timestamp HHMMSSnnn)? I > wonder why that is? It also a problem timeout, maybe. I may remove fork and signal based timeout mechanism, unless someone fix the implementation nor confirm validity of the implementation. Thanks, -- kou From mortonda at dgrmm.net Tue Apr 14 10:16:33 2009 From: mortonda at dgrmm.net (David Morton) Date: Tue, 14 Apr 2009 09:16:33 -0500 Subject: [activeldap-discuss] is prefix a class variable only? Message-ID: <49E49AC1.2030307@dgrmm.net> I think I finally found a bug n my program that has been irritating me for a long time. The most recent version of activeldap gave me enough debug output to finally nail it. I'm probably doing something wrong again. :P My ldap structure has Clients, Domains, then users: uid=joe,dc=example.com,client=ExampleCorp,ou=Clients,basedn... So for my User class, I have: class User < ActiveLdap::Base ldap_mapping :dn_attribute => 'uid', :prefix => 'ou=Clients', :classes => ['top', 'account', 'posixAccount'] end end simple enough. When I create a new user, I need the base to have the full path. For whatever reason, I did it this way: @user = User.new(params['user']['uid']) @user.prefix = "dc=#{params['user']['dc']},client=#{params['user']['client']},ou=Clients" What I just found out is that the call to prefix changes not just that instance of User, but rather the class prefix. In production mode, the User class is not reloaded, and that prefix persists to the next page request, which is not necessarily looking for users of client ExampleCorp... and causes all sorts of failures. So either that's a bug in ActiveLDAP or I'm setting the initial dn wrong by calling prefix. (I'm suspecting that's a wrong use of prefix) So if that's not the right way, How am I supposed to tell @user to create the new entry deeper in the tree, instead of uid=joe,ou=Clients.... From kou at cozmixng.org Wed Apr 15 09:52:33 2009 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 15 Apr 2009 22:52:33 +0900 (JST) Subject: [activeldap-discuss] is prefix a class variable only? In-Reply-To: <49E49AC1.2030307@dgrmm.net> References: <49E49AC1.2030307@dgrmm.net> Message-ID: <20090415.225233.450985659999765427.kou@cozmixng.org> Hi, In <49E49AC1.2030307 at dgrmm.net> "[activeldap-discuss] is prefix a class variable only?" on Tue, 14 Apr 2009 09:16:33 -0500, David Morton wrote: > When I create a new user, I need the base to have the full path. For > whatever reason, I did it this way: > > @user = User.new(params['user']['uid']) > @user.prefix = > "dc=#{params['user']['dc']},client=#{params['user']['client']},ou=Clients" > > What I just found out is that the call to prefix changes not just that > instance of User, but rather the class prefix. In production mode, the > User class is not reloaded, and that prefix persists to the next page > request, which is not necessarily looking for users of client > ExampleCorp... and causes all sorts of failures. There are two bugs. (1) ActiveLdap::Base#prefix= should not change class's prefix. -> I've undef the method in trunk. (2) You should use #base= instead of #prefix=. It'll work well what you expect. :-) Thanks, -- kou From mortonda at dgrmm.net Wed Apr 15 11:13:47 2009 From: mortonda at dgrmm.net (David Morton) Date: Wed, 15 Apr 2009 10:13:47 -0500 Subject: [activeldap-discuss] is prefix a class variable only? In-Reply-To: <20090415.225233.450985659999765427.kou@cozmixng.org> References: <49E49AC1.2030307@dgrmm.net> <20090415.225233.450985659999765427.kou@cozmixng.org> Message-ID: <49E5F9AB.801@dgrmm.net> Kouhei Sutou wrote: > There are two bugs. > > (1) ActiveLdap::Base#prefix= should not change class's > prefix. In the context of a instance, but isn't it also the function that is called when defining the prefix in the class declaration? In that case you do want the class version set, as a default for all future instances. > -> I've undef the method in trunk. > (2) You should use #base= instead of #prefix=. > It'll work well what you expect. :-) lol, ok, I'll try that. I also had previously tried putting the full dn into the new() call: user=User.new("dc=#{params['user']['dc']},client=#{params['user']['client']},ou=Clients,basedn..") Which seems to work now, but the fact that I had commented it out and tried the prefix instead indicates I had a problem with that once. From mortonda at dgrmm.net Wed Apr 15 11:45:04 2009 From: mortonda at dgrmm.net (David Morton) Date: Wed, 15 Apr 2009 10:45:04 -0500 Subject: [activeldap-discuss] is prefix a class variable only? In-Reply-To: <20090415.225233.450985659999765427.kou@cozmixng.org> References: <49E49AC1.2030307@dgrmm.net> <20090415.225233.450985659999765427.kou@cozmixng.org> Message-ID: <49E60100.10804@dgrmm.net> Kouhei Sutou wrote: > (2) You should use #base= instead of #prefix=. > It'll work well what you expect. :-) Hmm, no, it completely ignored that. @user = User.new("uid=#{params['user']['uid']}") @user.base = "dc=#{params['user']['dc']},client=#{params['user']['client']},ou=Clients,dc=example,dc=net" >From the server logs: Apr 15 10:18:40 stargate slapd[5061]: conn=324 op=11 ADD dn="uid=test5 at example.net,ou=Clients,dc=example,dc=net" Apr 15 10:18:40 stargate slapd[5061]: conn=324 op=11 RESULT tag=105 err=50 text=no write access to parent That error is what I expect for that add, as that bound user only has write access to things under: client=Example,ou=Clients,dc=example,dc=net But I do get the right thing with: @user = User.new("uid=#{params['user']['uid']},dc=#{params['user']['dc']},client=#{params['user']['client']},ou=Clients,dc=example,dc=net") Apr 15 10:40:26 stargate slapd[5061]: conn=327 op=11 ADD dn="uid=test5 at example.net,dc=example.net,client=Example,ou=Clients,dc=example,dc=net" Apr 15 10:40:26 stargate slapd[5061]: conn=327 op=11 RESULT tag=105 err=0 text= From kou at cozmixng.org Sat Apr 18 23:52:57 2009 From: kou at cozmixng.org (Kouhei Sutou) Date: Sun, 19 Apr 2009 12:52:57 +0900 (JST) Subject: [activeldap-discuss] is prefix a class variable only? In-Reply-To: <49E5F9AB.801@dgrmm.net> References: <49E49AC1.2030307@dgrmm.net> <20090415.225233.450985659999765427.kou@cozmixng.org> <49E5F9AB.801@dgrmm.net> Message-ID: <20090419.125257.31772762583918787.kou@cozmixng.org> Hi, In <49E5F9AB.801 at dgrmm.net> "Re: [activeldap-discuss] is prefix a class variable only?" on Wed, 15 Apr 2009 10:13:47 -0500, David Morton wrote: >> There are two bugs. >> >> (1) ActiveLdap::Base#prefix= should not change class's >> prefix. > > In the context of a instance, but isn't it also the function that is > called when defining the prefix in the class declaration? In that case > you do want the class version set, as a default for all future instances. ActiveLdap::Base.prefix= is still available. I meant the followings with the method notation: * ClassName#method_name is "'method_name' is an instance method of 'ClassName'". * ClassName.method_name is "'method_name' is a class method of 'ClassName'". >> -> I've undef the method in trunk. >> (2) You should use #base= instead of #prefix=. >> It'll work well what you expect. :-) > > lol, ok, I'll try that. I also had previously tried putting the full dn > into the new() call: > > user=User.new("dc=#{params['user']['dc']},client=#{params['user']['client']},ou=Clients,basedn..") > > Which seems to work now, but the fact that I had commented it out and > tried the prefix instead indicates I had a problem with that once. It was the only recommended way to create an instance that exists in sub tree. But now, #base= is also available. Thanks, -- kou From kou at cozmixng.org Sat Apr 18 23:54:26 2009 From: kou at cozmixng.org (Kouhei Sutou) Date: Sun, 19 Apr 2009 12:54:26 +0900 (JST) Subject: [activeldap-discuss] is prefix a class variable only? In-Reply-To: <49E60100.10804@dgrmm.net> References: <49E49AC1.2030307@dgrmm.net> <20090415.225233.450985659999765427.kou@cozmixng.org> <49E60100.10804@dgrmm.net> Message-ID: <20090419.125426.503074989421788064.kou@cozmixng.org> Hi, In <49E60100.10804 at dgrmm.net> "Re: [activeldap-discuss] is prefix a class variable only?" on Wed, 15 Apr 2009 10:45:04 -0500, David Morton wrote: >> (2) You should use #base= instead of #prefix=. >> It'll work well what you expect. :-) > > Hmm, no, it completely ignored that. Sorry... #base= was buggy. I've fixed it in trunk. > @user = User.new("uid=#{params['user']['uid']}") > @user.base = > "dc=#{params['user']['dc']},client=#{params['user']['client']},ou=Clients,dc=example,dc=net" You need to omit class's base (ou=Clients,dc=example,dc=net in your case): @user = User.new("uid=#{params['user']['uid']}") @user.base = "dc=#{params['user']['dc']},client=#{params['user']['client']}" Thanks, -- kou From kou at cozmixng.org Wed Apr 22 08:36:49 2009 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 22 Apr 2009 21:36:49 +0900 (JST) Subject: [activeldap-discuss] patch: activeldap-trunk In-Reply-To: <1240393588.18776.4.camel@localhost> References: <1240393588.18776.4.camel@localhost> Message-ID: <20090422.213649.4959786962513603.kou@cozmixng.org> Hi, In <1240393588.18776.4.camel at localhost> "[activeldap-discuss] patch: activeldap-trunk" on Wed, 22 Apr 2009 10:46:28 +0100, Tiago Fernandes wrote: > /usr/local/lib/site_ruby/1.8/rubygems/source_index.rb:295:in `search': > You have a nil object when you didn't expect it! (NoMethodError) > You might have expected an instance of Array. > The error occurred while evaluating nil.empty? > from /usr/local/lib/site_ruby/1.8/rubygems/source_index.rb:264:in > `find_name' Thanks for reporting. I've fixed it. > I find out that one of the problemas was not having yet configured > ldap.yml (but no warning message was found in the log) and some gem > required_gem_if_need have a missing parameter (i think, second parameter > shouldn't be nil...) Really? It seems that log message is logged when other any exceptions are raised. P.S. You should ack subscription confirmation mail from ML management system. :) Thanks, -- kou From thermans at gmail.com Thu Apr 30 10:13:20 2009 From: thermans at gmail.com (Tim Hermans) Date: Thu, 30 Apr 2009 10:13:20 -0400 Subject: [activeldap-discuss] unknown objectClass: what am I doing wrong? In-Reply-To: <20090411.155416.782174629573844530.kou@cozmixng.org> References: <4ebad96b0904080845j1cea03f1me332f292afa08418@mail.gmail.com> <20090410.001151.1000278277078396670.kou@cozmixng.org> <4ebad96b0904091610p6940c67ak71a5a4e67c8ce2a8@mail.gmail.com> <20090411.155416.782174629573844530.kou@cozmixng.org> Message-ID: <4ebad96b0904300713j1f7fb3d6ub06168aca5b98108@mail.gmail.com> Just to follow up. I never managed to get this to work. Continued to get "ActiveLdap::UnknownAttribute: umpn is unknown attribute". I think it might be a function of my proprietary LDAP server. I ended up abandoning the ActiveRecord style implementation and used Net::LDAP calls instead. I'd love to see this work, and I thank you for your hard work. Keep it up! I'll check back occasionally to see the progress. Thanks, On Sat, Apr 11, 2009 at 2:54 AM, Kouhei Sutou wrote: > Hi, > > In <4ebad96b0904091610p6940c67ak71a5a4e67c8ce2a8 at mail.gmail.com> > "Re: [activeldap-discuss] unknown objectClass: what am I doing wrong?" on > Thu, 9 Apr 2009 19:10:46 -0400, > Tim Hermans wrote: > > > Thanks again for your help Kou. I am cc'ing the list just so you are not > the > > only one to see my problems :-) > > > > Now you will see that I get "ActiveLdap::UnknownAttribute: umpn is > unknown > > attribute" when I do a simple find. "umpn" is a valid attribute in my > schema. > > > > Here you see my console output: http://gist.github.com/92801 > > > > Here is the development log: http://gist.github.com/92803 > > > > The backtrace that says "Reconnect to server failed: can't set LDAP > protocol > > version after bind" seems to be just a warning, as it continues on > afterwards, > > and I don't see any console output. > > It's strange that unbind is occurred in each operation. > I may have fixed it in trunk. > > > Interestingly, the original search seems to have returned quickly and > > successfully from the server. It's a little cryptic, but here is the > LDAP > > server log of the entire transaction: http://gist.github.com/92805 > > > > You will see in line 6 that the result of the search (on line 5) comes > back > > succesfully: "nentries=1" > > > > The schema searches log as "FAILED" in the "development.log" but they > were > > actually successful as far as the server was concerned. See lines 15 and > 30 of > > the server log. > > > > And ldapsearch on the command line proves this: > http://gist.github.com/92810 > > Are you setting timeout? It may not work well. > Could you try without timeout configuration? > > > P.S. You will also notice that the entire transaction takes almost 2 > minutes > > to complete (the second field in the server log is the timestamp > HHMMSSnnn) I > > wonder why that is? > > It also a problem timeout, maybe. > > > I may remove fork and signal based timeout mechanism, unless > someone fix the implementation nor confirm validity of the > implementation. > > > Thanks, > -- > kou > _______________________________________________ > ruby-activeldap-discuss mailing list > ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: