From MR-Mencel at wiu.edu Wed Sep 2 15:45:23 2009
From: MR-Mencel at wiu.edu (MR-Mencel at wiu.edu)
Date: Wed, 2 Sep 2009 14:45:23 -0500 (CDT)
Subject: [activeldap-discuss] Support for LDAP Password Policies?
In-Reply-To: <177353317.1666991251920658966.JavaMail.root@zcs10>
Message-ID: <461066229.1667191251920723169.JavaMail.root@zcs10>

Looking through the ActiveLDAP library...I don't see that password policies are supported yet (see the PERL example here for info)...

http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Control/PasswordPolicy.pm

We've been discussing implementing password policies in our LDAP directory. What steps would need to be taken to support password policies in the Ruby ActiveLDAP library?

Specifically for us would be the ability to notify the user in three cases when they login to a Ruby/Rails app...

- That their password expires in X days (7 or less)
- Once they pass expiration...that they have X grace logins left
- Once they use up their grace logins...tell them their account is locked.

Matt

From MR-Mencel at wiu.edu Tue Sep 8 17:02:53 2009
From: MR-Mencel at wiu.edu (Matt Mencel)
Date: Tue, 8 Sep 2009 16:02:53 -0500 (CDT)
Subject: [activeldap-discuss] Using Cucumber with ActiveLdap
Message-ID: <2038422729.485401252443773183.JavaMail.root@zcs10>

Just starting with Cucumber. I've got the ActiveLdap gem in my applications and it's causing an issue. I have created one feature and it won't run. Here's the feature and the error that I get.

## manage_users.feature
Feature: Manage users feature
  In order to value
  As a facilitator
  I want to view a list of users

  Scenario: User List
    Given I have users named Matt, Brad
    When I go to the list of users
    Then I should see 'Matt'
    And I should see 'Brad'

## cucumber features/manage_users.feature
cucumber connection is not configured (ActiveLdap::ConnectionError)
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/activeldap-1.1.0/lib/active_ldap/configuration.rb:69:in `ensure_configuration'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/activeldap-1.1.0/lib/active_ldap/connection.rb:145:in `setup_connection'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/activeldap-1.1.0/lib/active_ldap/base.rb:365:in `setup_connection'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/activeldap-1.1.0/rails/init.rb:16:in `evaluate_init_rb'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/rails/plugin.rb:146:in `evaluate_init_rb'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/core_ext/kernel/reporting.rb:11:in `silence_warnings'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/rails/plugin.rb:142:in `evaluate_init_rb'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/rails/plugin.rb:48:in `load'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/rails/plugin/loader.rb:38:in `load_plugins'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/rails/plugin/loader.rb:37:in `each'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/rails/plugin/loader.rb:37:in `load_plugins'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/initializer.rb:348:in `load_plugins'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/initializer.rb:163:in `process'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/initializer.rb:113:in `send'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/rails-2.3.2/lib/initializer.rb:113:in `run'
/var/www/rails/bjw101stuff/cma/config/environment.rb:9
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `polyglot_original_require'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/polyglot-0.2.8/lib/polyglot.rb:68:in `require'
./features/support/env.rb:3
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `polyglot_original_require'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/polyglot-0.2.8/lib/polyglot.rb:68:in `require'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/cucumber-0.3.99/bin/../lib/cucumber/rb_support/rb_language.rb:101:in `load_code_file'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/cucumber-0.3.99/bin/../lib/cucumber/rb_support/rb_language.rb:46:in `step_definitions_for'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/cucumber-0.3.99/bin/../lib/cucumber/step_mother.rb:92:in `load_code_file'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/cucumber-0.3.99/bin/../lib/cucumber/step_mother.rb:84:in `load_code_files'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/cucumber-0.3.99/bin/../lib/cucumber/step_mother.rb:83:in `each'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/cucumber-0.3.99/bin/../lib/cucumber/step_mother.rb:83:in `load_code_files'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/cucumber-0.3.99/bin/../lib/cucumber/cli/main.rb:56:in `execute!'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/cucumber-0.3.99/bin/../lib/cucumber/cli/main.rb:29:in `execute'
/opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/cucumber-0.3.99/bin/cucumber:9
/opt/ruby/bin/cucumber:19:in `load'
/opt/ruby/bin/cucumber:19

From MR-Mencel at wiu.edu Wed Sep 9 13:05:47 2009
From: MR-Mencel at wiu.edu (Matt Mencel)
Date: Wed, 9 Sep 2009 12:05:47 -0500 (CDT)
Subject: [activeldap-discuss] Using Cucumber with ActiveLdap
In-Reply-To: <2038422729.485401252443773183.JavaMail.root@zcs10>
Message-ID: <1703884679.654581252515946962.JavaMail.root@zcs10>

I partially figured it out. I had to add a "cucumber:" section to the ldap.yml file. That solved the error below.

Thanks,
Matt

_______________________________________________
ruby-activeldap-discuss mailing list
ruby-activeldap-discuss at rubyforge.org
http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss

From MR-Mencel at wiu.edu Wed Sep 16 12:11:22 2009
From: MR-Mencel at wiu.edu (Matt Mencel)
Date: Wed, 16 Sep 2009 11:11:22 -0500 (CDT)
Subject: [activeldap-discuss] Rails 2.3.4
Message-ID: <808927405.841721253117482492.JavaMail.root@zcs10>

Will there be an activeldap update for rails-2.3.4 in the near future? There are some recently discovered security problems with older versions of rails.

Thanks,
Matt

From MR-Mencel at wiu.edu Wed Sep 16 14:17:37 2009
From: MR-Mencel at wiu.edu (Matt Mencel)
Date: Wed, 16 Sep 2009 13:17:37 -0500 (CDT)
Subject: [activeldap-discuss] Rails 2.3.4
In-Reply-To:
Message-ID: <141049908.885431253125057545.JavaMail.root@zcs10>

Hey Mike,

The developers are here and read this mailing list. It's still under active development...they just released 1.1.0 a little over a month ago. It's just not a very active list.

Matt

----- Original Message -----
From: "Mike Pence"
To: ruby-activeldap-discuss at rubyforge.org
Sent: Wednesday, September 16, 2009 12:06:29 PM GMT -06:00 US/Canada Central
Subject: Re: [activeldap-discuss] Rails 2.3.4

Yeah, +1 on that. Is the project even under active development? Are they creating tickets under Google code, or managing it elsewhere?

On Wed, Sep 16, 2009 at 12:11 PM, Matt Mencel <MR-Mencel at wiu.edu> wrote:

Will there be an activeldap update for rails-2.3.4 in the near future? There are some recently discovered security problems with older versions of rails.

Thanks,
Matt

From kou at cozmixng.org Tue Sep 22 00:52:04 2009
From: kou at cozmixng.org (Kouhei Sutou)
Date: Tue, 22 Sep 2009 13:52:04 +0900 (JST)
Subject: [activeldap-discuss] [ANN] ActiveLdap 1.2.0
Message-ID: <20090922.135204.891470898181804823.kou@cozmixng.org>

Hi,

ActiveLdap 1.2.0 has been released!

  % sudo gem install activeldap

NOTE1: This release includes Rails 2.3.4 support.
       Rails < 2.3.4 have a security problem. You should
       update to the latest Rails.

NOTE2: This release has a backward INCOMPATIBILITY.
       ActiveLdap::Base#dn and ActiveLdap::Base#base return
       ActiveLdap::DN object instead of String. You may need
       to add ".to_s" in your program. ActiveLdap::DN#to_s
       returns a String representation of the DN that is the
       same as the #dn and #base value of the previous releases.

Here are changes from 1.1.0:

* Supported Rails 2.3.4.
* [INCOMPATIBLE]
  [#23932] Inconsistent DN handling in object attributes [Marc Dequènes]
  (ActiveLdap::Base#dn and ActiveLdap::Base#base return
  ActiveLdap::DN not String)
* [#26824] support operational attributes detection [Marc Dequènes]
  (added ActiveLdap::Schema::Attribute#directory_operation?)
* [#27] Error saving an ActiveLDAP user [brad at lucky-dip.net]
* [#29] Raised on modify_rdn_entry when rdn already exists [Alexey.Chebotar]
* Added ActiveLdap::DN.parent.

Thanks,
--
kou

From kou at cozmixng.org Tue Sep 22 01:02:44 2009
From: kou at cozmixng.org (Kouhei Sutou)
Date: Tue, 22 Sep 2009 14:02:44 +0900 (JST)
Subject: [activeldap-discuss] [ANN] ActiveLdap 1.2.0
In-Reply-To: <20090922.135204.891470898181804823.kou@cozmixng.org>
References: <20090922.135204.891470898181804823.kou@cozmixng.org>
Message-ID: <20090922.140244.759333884027336708.kou@cozmixng.org>

Oops, I forgot to add a note.

Renaming an entry to another parent tree is only supported in the JNDI backend.

From bowser at fstph.at Thu Sep 24 13:15:08 2009
From: bowser at fstph.at (Jörg Herzinger)
Date: Thu, 24 Sep 2009 19:15:08 +0200
Subject: [activeldap-discuss] User doesn't get added to groups
Message-ID: <20090924171508.GA28906@kitt>

First of all, this is a great Project, I really love it and there's only one problem with it: It seriously lacks documentation. :)

Ok, I got a working script to add users but these users don't get added to the appropriate groups. Here some snippets.

class User < ActiveLdap::Base
  ldap_mapping :dn_attribute => 'uid', :prefix => 'ou=users',
               :classes => ['top', 'organizationalPerson', 'inetOrgPerson', 'shadowAccount', 'posixAccount']
  belongs_to :groups, :class_name => 'Group', :many => 'memberUid'
end

class Group < ActiveLdap::Base
  ldap_mapping :dn_attribute => 'cn', :classes => ['top', 'posixGroup'], :prefix => 'ou=group'
  has_many :members, :class_name => 'User', :wrap => 'memberUid'
  # belongs_to :primary_members, :class_name => 'User', :foreign_key => 'gidNumber', :primary_key => 'gidNumber'
end

usr = User.new(fsler_nick)
...
usr.groups = ["users","plugdev","audio","cdrom"]
...
usr.save

My LDAP Structure looks like this:

dn: dc=physik,dc=htu,dc=at
objectClass: dcObject
objectClass: organization
o: Fachschaft Physik
dc: physik

dn: ou=users,dc=physik,dc=htu,dc=at
objectClass: organizationalUnit
ou: users

dn: uid=someone,ou=users,dc=physik,dc=htu,dc=at
objectClass: ...

dn: ou=group,dc=physik,dc=htu,dc=at
objectClass: organizationalUnit
ou: group

dn: cn=users,ou=group,dc=physik,dc=htu,dc=at
objectClass: top
objectClass: posixGroup
cn: users
gidNumber: 100
memberUid: ...

Most of this is from the Documentation, and my user is added to my LDAP structure but not to the groups. What am I doing wrong?

so long,
Jörg

--
#### Random signature thing no. 76
The Fountain Of Aging? Hmm, it is just a legend. Still, they called the Tooth Fairy a legend and now he's head of the FBI.

From kou at cozmixng.org Sat Sep 26 08:55:03 2009
From: kou at cozmixng.org (Kouhei Sutou)
Date: Sat, 26 Sep 2009 21:55:03 +0900 (JST)
Subject: [activeldap-discuss] User doesn't get added to groups
In-Reply-To: <20090924171508.GA28906@kitt>
References: <20090924171508.GA28906@kitt>
Message-ID: <20090926.215503.961853508032827544.kou@cozmixng.org>

Hi,

In <20090924171508.GA28906 at kitt>
  "[activeldap-discuss] User doesn't get added to groups" on Thu, 24 Sep 2009 19:15:08 +0200,
  Jörg Herzinger wrote:

> First of all, this is a great Project, I really love it and there's only one problem with it: It seriously lacks documentation. :)

Thanks. We welcome your contribution! :)

> usr = User.new(fsler_nick)
> ...
> usr.groups = ["users","plugdev","audio","cdrom"]
> ...
> usr.save

You need to pass an array of Group instances, not DN attribute values:

  usr.groups = ["users","plugdev","audio","cdrom"].collect {|name| Group.find(name)}

I've changed ActiveLdap in trunk. In trunk, it also accepts DN attribute values. In the next release, your code will work well without modification.

Thanks,
--
kou

From MR-Mencel at wiu.edu Wed Sep 30 13:33:06 2009
From: MR-Mencel at wiu.edu (MR-Mencel at wiu.edu)
Date: Wed, 30 Sep 2009 12:33:06 -0500 (CDT)
Subject: [activeldap-discuss] Problem with has_many and very large Active Directory groups
In-Reply-To: <236589287.686241254331635178.JavaMail.root@zcs10>
Message-ID: <1305899588.687711254331986487.JavaMail.root@zcs10>

Hi,

I'm having a problem with the has_many feature for Active Directory groups.

When a group has a smaller number of members, the member attribute looks like this...

member CN=My Name,OU=blah,dc=blah,dc=blah

However, over a certain number (perhaps 1500) of members, the attribute starts to look like this...

member;range=0-1499 CN=My Name,OU=blah,dc=blah,dc=blah

My has_many line in the AdGroup class looks like this...

has_many :members, :class_name => "AdUser", :wrap => "member", :primary_key => 'distinguishedName'

I've tested it with this code and it works fine for the smaller groups...

>>>
group = AdGroup.find(groupname)
group.members.map {|m| puts m.distinguishedName}
<<<

...which prints out each of the members. If I use this code with one of the really large groups however, I get this error.

>>>
ERROR invalid logical operator: "distinguishedName": available operators: [:and, :or, :not, :&, :|] (ArgumentError)
<<<

I tried changing to this ':wrap => "member;range=0-1499"' in the has_many line, but it returns no results....so I think that is ignored in the query.

Any ideas on how to get around this issue?

Thanks,
Matt

From MR-Mencel at wiu.edu Wed Sep 30 15:37:10 2009
From: MR-Mencel at wiu.edu (Matt Mencel)
Date: Wed, 30 Sep 2009 14:37:10 -0500 (CDT)
Subject: [activeldap-discuss] Active Directory - Using start_tls
In-Reply-To: <1305899588.687711254331986487.JavaMail.root@zcs10>
Message-ID: <1503547003.737621254339430748.JavaMail.root@zcs10>

Hi,

I'm trying to modify accounts and groups in Active Directory and it requires the connection to be on port 636. I enabled this param for the connection settings in config/ldap.yml

start_tls: true

It looks like it's trying it now, but I need to get the correct certificate I guess. Anyone familiar enough with it to know how this works? Assuming I can get the certificate I need, where do I put it so the Rails app will work?

Thanks,
Matt

From MR-Mencel at wiu.edu Wed Sep 30 16:18:37 2009
From: MR-Mencel at wiu.edu (Matt Mencel)
Date: Wed, 30 Sep 2009 15:18:37 -0500 (CDT)
Subject: [activeldap-discuss] Active Directory - Using start_tls
In-Reply-To: <1503547003.737621254339430748.JavaMail.root@zcs10>
Message-ID: <2000937386.752381254341917525.JavaMail.root@zcs10>

Whoops...spoke too soon.

Instead of using 'start_tls: true' in ldap.yml, I used the following to connect via SSL and it worked perfectly...

method: ssl

Awesome.

Thanks,
Matt

From MR-Mencel at wiu.edu Wed Sep 30 17:14:47 2009
From: MR-Mencel at wiu.edu (MR-Mencel at wiu.edu)
Date: Wed, 30 Sep 2009 16:14:47 -0500 (CDT)
Subject: [activeldap-discuss] Problem with has_many and very large Active Directory groups
In-Reply-To: <958966432.772771254345252302.JavaMail.root@zcs10>
Message-ID: <2141323318.772981254345287149.JavaMail.root@zcs10>

OK....so this code to add members to an existing group is working for small groups, but not for large groups as I can't pull their memberships.

>>>
def self.add_to_group(user, groupname)
  group = AdGroup.find(groupname)
  members = group.members.map{|m| m.distinguishedName}
  members << AdUser.find(user).distinguishedName
  group.member = members
  unless group.save
    puts "failed"
    puts group.errors.full_messages
    exit 1
  end
end
<<<

If there is a better way to do this that will work for these larger groups let me know.

Thanks,
Matt

From MR-Mencel at wiu.edu Wed Sep 30 17:33:17 2009
From: MR-Mencel at wiu.edu (Matt Mencel)
Date: Wed, 30 Sep 2009 16:33:17 -0500 (CDT)
Subject: [activeldap-discuss] Problem with has_many and very large Active Directory groups
In-Reply-To: <2141323318.772981254345287149.JavaMail.root@zcs10>
Message-ID: <673259371.777931254346397051.JavaMail.root@zcs10>

So a little digging found me this thread...

http://www.mail-archive.com/perl-ldap at perl.org/msg02215.html

Looks like I'm going to have to figure out a way to iterate through the large groups in batches of less than 1500...

Matt
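
The batching described in the last message, sketched as an added example that is not part of the original thread and is not ActiveLdap code. It follows the "member;range=0-1499" naming shown above and keeps requesting "member;range=N-*" until the server labels a chunk with "*". The names parse_range, fetch_all_values and FakeDirectory are hypothetical, the block passed to fetch_all_values stands in for one base-scope read of the group entry, and the member DNs are constructed.

```ruby
# Attribute description with a range option, e.g. "member;range=0-1499"
# or "member;range=3000-*" ("*" marks the final chunk).
RANGE_RE = /\A([A-Za-z][A-Za-z0-9-]*);range=(\d+)-(\d+|\*)\z/

# Returns [low, high] (high is an Integer or :end), or nil when the
# description carries no range option for attr.
def parse_range(description, attr)
  m = RANGE_RE.match(description.to_s)
  return nil unless m && m[1].casecmp(attr).zero?
  [m[2].to_i, m[3] == "*" ? :end : m[3].to_i]
end

# Collects every value of attr. The block receives the attribute
# description to request and returns { returned_description => [values] }.
def fetch_all_values(attr, max_rounds = 1000)
  values = []
  low = 0
  max_rounds.times do
    entry = yield("#{attr};range=#{low}-*")
    key = entry.keys.find { |k| parse_range(k, attr) }
    if key.nil?
      # No ranged answer: the server returned the plain attribute on the
      # first read, or there are no (more) values.
      return values + (low.zero? ? Array(entry[attr]) : [])
    end
    got_low, got_high = parse_range(key, attr)
    # Refuse answers that would silently skip or repeat members.
    raise "asked for offset #{low}, got #{key}" unless got_low == low
    chunk = entry[key]
    values.concat(chunk)
    return values if got_high == :end
    unless got_high - got_low + 1 == chunk.size
      raise "#{key} does not match #{chunk.size} returned values"
    end
    low = got_high + 1
  end
  raise "range retrieval did not finish in #{max_rounds} rounds"
end

# Constructed stand-in for the server: at most max_val_range values per read.
class FakeDirectory
  attr_reader :reads

  def initialize(members, max_val_range = 1500)
    @members = members
    @max = max_val_range
    @reads = []
  end

  def read(description)
    @reads << description
    requested = parse_range(description, "member")
    # Small group, plain request: the attribute comes back unranged.
    return { "member" => @members } if requested.nil? && @members.size <= @max
    low, high = requested || [0, :end]
    return {} if low >= @members.size
    last = [low + @max, @members.size].min - 1
    last = [last, high].min unless high == :end
    label = last == @members.size - 1 ? "*" : last.to_s
    { "member;range=#{low}-#{label}" => @members[low..last] }
  end
end

def demo
  members = (1..3200).map { |i| "CN=User #{i},OU=blah,DC=blah,DC=blah" } # constructed
  dir = FakeDirectory.new(members)
  all = fetch_all_values("member") { |desc| dir.read(desc) }
  { count: all.size, complete: all == members, reads: dir.reads }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Any update that reads the member list and writes the whole list back depends on that list being complete, which is why the offset and chunk-size checks raise instead of returning a partial result.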