From joerg at oiml.at Sun May 30 03:27:16 2010
From: joerg at oiml.at (Jörg Herzinger)
Date: Sun, 30 May 2010 09:27:16 +0200
Subject: [activeldap-discuss] GSSAPI connection problems
Message-ID: <20100530072716.GA21139@oiml.at>

I am trying to use some ActiveLDAP scripts with GSSAPI authentication, which
always fails at authentication. The scripts worked with simple authentication
and are basically your example scripts with some adaptations. What bugs me is
that ldapmodify works with GSSAPI auth on the same machine.
ActiveLDAP is version 1.2.1, the client system where the scripts are supposed
to run is Ubuntu 9.10, and the server is Debian Lenny with slapd version 2.4.11-1.

Any ideas on why this fails or how I could get debugging information that
helps?

thanks in advance...

My connect.rb:
ActiveLdap::Base.setup_connection(
  :try_sasl => true,
  :allow_anonymous => false,
  :host => 'ldap1',
  :base => 'dc=somerealm,dc=at'
)

% ldapmodify -v -f ldapmod_test_delete_me_soon.txt -H ldap://ldap1
ldap_initialize( ldap://ldap1:389/??base )
SASL/GSSAPI authentication started
SASL username: user at SOMEREALM.AT
SASL SSF: 56
SASL data security layer installed.
replace loginShell:
        "/bin/zsh"
modifying entry "uid=user,ou=people,dc=somerealm,dc=at"
modify complete

Logs with ldapmodify on ldap1 server:
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 fd=183 ACCEPT from IP=192.168.42.42:40306 (IP=0.0.0.0:389)
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=0 SRCH attr=supportedSASLMechanisms
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=1 BIND dn="" method=163
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=1 RESULT tag=97 err=14 text=SASL(0): successful result: security flags do not match required
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=2 BIND dn="" method=163
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=2 RESULT tag=97 err=14 text=SASL(0): successful result: security flags do not match required
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=3 BIND dn="" method=163
May 28 12:49:17 ldap1 slapd[1696]: SASL [conn=256254] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 28 12:49:17 ldap1 slapd[1696]: SASL [conn=256254] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=3 BIND authcid="user" authzid="user"
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=3 BIND dn="uid=user,ou=people,dc=somerealm,dc=at" mech=GSSAPI sasl_ssf=56 ssf=56
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=3 RESULT tag=97 err=0 text=
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=4 MOD dn="uid=user,ou=people,dc=somerealm,dc=at"
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=4 MOD attr=loginShell
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=4 RESULT tag=103 err=0 text=
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=5 UNBIND
May 28 12:49:17 ldap1 slapd[1696]: conn=256254 fd=183 closed

% ./useradd.rb -s "/bin/zsh" -m user
/var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:92:in `bind': All authentication methods for ldap://ldap1 exhausted. (ActiveLdap::AuthenticationError)
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/net_ldap.rb:52:in `bind'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:53:in `connect'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/net_ldap.rb:24:in `connect'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:582:in `reconnect'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:574:in `loop'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:574:in `reconnect'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:611:in `reconnect_if_need'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/timeout.rb:15:in `call'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/timeout.rb:15:in `alarm'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:321:in `with_timeout'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:610:in `reconnect_if_need'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:272:in `operation'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/base.rb:169:in `search'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/adapter/net_ldap.rb:66:in `search'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/operations.rb:65:in `search'
        from /var/lib/gems/1.8/gems/activeldap-1.2.1/lib/active_ldap/operations.rb:96:in `exists?'
        from ./useradd.rb:96

Logs with ActiveLDAP script on ldap1 server:
May 28 12:38:52 ldap1 slapd[1696]: conn=256134 fd=102 ACCEPT from IP=192.168.42.42:59625 (IP=0.0.0.0:389)
May 28 12:38:52 ldap1 slapd[1696]: conn=256134 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
May 28 12:38:52 ldap1 slapd[1696]: conn=256134 op=0 SRCH attr=supportedSASLMechanisms
May 28 12:38:52 ldap1 slapd[1696]: conn=256134 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 28 12:38:52 ldap1 slapd[1696]: conn=256134 fd=102 closed (connection lost)

From kou at cozmixng.org Sun May 30 06:24:15 2010
From: kou at cozmixng.org (Kouhei Sutou)
Date: Sun, 30 May 2010 19:24:15 +0900 (JST)
Subject: [activeldap-discuss] Question about DN changes
In-Reply-To:
References:
Message-ID: <20100530.192415.1718482954477608601.kou@cozmixng.org>

Hi,

In "[activeldap-discuss] Question about DN changes" on Wed, 24 Feb 2010 07:45:32 +0100,
  Christoph Lipp wrote:

> I wonder if somebody can help me with this task. I need to change the
> DN of an existing ldap object. I tried it with:
>
> object.dn= new_dn # walks through, but nothing updated
> Object.modify_rdns_entry(....) # fails, Invalid DN Syntax error
> object.update_attribute("dn", new_dn) # walks through, but nothing updated
>
> What is the best way to "move" or rename the dn of an object?

Umm... 'object.update_attribute("dn", new_dn)' should
work. Could you show the LDAP server log for the action?

P.S.: This is the recommended code to move an object:

  object.dn = new_dn
  object.save

Thanks,
--
kou

From kou at cozmixng.org Sun May 30 06:29:05 2010
From: kou at cozmixng.org (Kouhei Sutou)
Date: Sun, 30 May 2010 19:29:05 +0900 (JST)
Subject: [activeldap-discuss] Bug in ActiveLdap::Ldif.new() ???
In-Reply-To: <681994938.122123.1265737692706.JavaMail.root@zcs10.wiu.edu>
References: <777503842.121875.1265737492822.JavaMail.root@zcs10.wiu.edu>
        <681994938.122123.1265737692706.JavaMail.root@zcs10.wiu.edu>
Message-ID: <20100530.192905.1528387123273169230.kou@cozmixng.org>

Hi,

In <681994938.122123.1265737692706.JavaMail.root at zcs10.wiu.edu>
  "Re: [activeldap-discuss] Bug in ActiveLdap::Ldif.new() ???" on Tue, 9 Feb 2010 11:48:12 -0600 (CST),
  Matt Mencel wrote:

> I tried the to_ldif_record method that you suggested, but it doesn't seem to work in one case I tried it. I had to do it the old way to make it work.
>
> File.open(ldif_file, "w") do |data_file|
>   all_courses = LdapCourse.search(
>     :base => 'MYBASE',
>     :filter => 'FILTER',
>     :attributes => []
>   )
>
>   puts all_courses.class #RETURNS ARRAY
>
>   records = all_courses.collect do |course|
>     puts course.class #RETURNS ARRAY
>     #puts course.dn #ERROR HERE..... undefined method `dn' for # (NoMethodError)
>     #ActiveLdap::Ldif::Record.new(course[0], course[1]) #THIS WORKS
>     course.to_ldif_record(course[0], course[1]) #THIS DOES NOT WORK... undefined method `to_ldif_record' for # (NoMethodError)
>   end.compact
>   data_file.puts ActiveLdap::Ldif.new(records).to_s
>   data_file.close

'search' returns an array: [[dn, attributes], ...]
You should use find to operate on an LDAP entry as an object:

  all_courses = LdapCourse.find(:all,
                                :base => 'MYBASE',
                                :filter => 'FILTER')
  records = all_courses.collect do |course|
    course.to_ldif_record
  end

Thanks,
--
kou

From kou at cozmixng.org Sun May 30 06:35:28 2010
From: kou at cozmixng.org (Kouhei Sutou)
Date: Sun, 30 May 2010 19:35:28 +0900 (JST)
Subject: [activeldap-discuss] Moving Objects To New Container
In-Reply-To: <2130192278.37605.1271456949825.JavaMail.root@zcs10.wiu.edu>
References: <134379404.37561.1271456771516.JavaMail.root@zcs10.wiu.edu>
        <2130192278.37605.1271456949825.JavaMail.root@zcs10.wiu.edu>
Message-ID: <20100530.193528.2192893794132001902.kou@cozmixng.org>

Hi,

In <2130192278.37605.1271456949825.JavaMail.root at zcs10.wiu.edu>
  "Re: [activeldap-discuss] Moving Objects To New Container" on Fri, 16 Apr 2010 17:29:09 -0500 (CDT),
  Matt Mencel wrote:

> I took a look at Alexey's Ruby/LDAP code on github. No idea if this would work....but the PERL examples I've seen put newsuperior before deleteoldrdn in the params list. Just wondering if all it takes is a patch submission?

ActiveLdap needs Ruby/LDAP new_superior support to move an
entry to a new container.

Alexey, could you consider supporting new_superior?

Thanks,
--
kou

> # conn.c
> /*
>  * call-seq:
>  * conn.modrdn(dn, new_rdn, new_superior, delete_old_rdn) => self
>  *
>  * Modify the RDN of the entry with DN, +dn+, giving it the new RDN,
>  * +new_rdn+. Move to a new container if +new_superior+ is given.
>  * If +delete_old_rdn+ is *true*, the old RDN value will be deleted from
>  * the entry.
>  */
> VALUE
> rb_ldap_conn_modrdn_s (VALUE self, VALUE dn, VALUE newrdn, VALUE newsuperior, VALUE delete_p)
> {
>   RB_LDAP_DATA *ldapdata;
>   char *c_dn;
>   char *c_newrdn;
>   char *c_newsuperior;
>   int c_delete_p;
>
>   GET_LDAP_DATA (self, ldapdata);
>   c_dn = StringValueCStr (dn);
>   c_newrdn = StringValueCStr (newrdn);
>   c_newsuperior = StringValueCStr (newsuperior);
>   c_delete_p = (delete_p == Qtrue) ? 1 : 0;
>
>   ldapdata->err = ldap_modrdn2_s (ldapdata->ldap, c_dn, c_newrdn, c_newsuperior, c_delete_p);
>   Check_LDAP_Result (ldapdata->err);
>
>   return self;
> };
>
> # conn.c line 1796
> # If the number here specifies the number of required params...then it should be 3 and not 4...
> # but I wasn't sure exactly what to do except it was related to the number of params.
> rb_ldap_conn_define_method ("modrdn", rb_ldap_conn_modrdn_s, 4);
>
> # win/winldap.h line 286
> ULONG ldap_modrdn2_s(LDAP *ld, PCHAR olddn, PCHAR newdn, PCHAR newsuperior, int delold_flag);
>
> # rbldap.h line 117
> VALUE rb_ldap_conn_modrdn_s (VALUE, VALUE, VALUE, VALUE, VALUE);
>
> ----- Original Message -----
> From: "Matt Mencel"
> To: ruby-activeldap-discuss at rubyforge.org
> Sent: Tuesday, April 13, 2010 2:14:06 PM
> Subject: [activeldap-discuss] Moving Objects To New Container
>
> Say I have this object:
>
> user.cn = USERA
> user.dn = CN=USERA,OU=OLDOU
>
> ...and I want to move this object to a new ou of OU=NEWOU. I see these two methods...
>
> modify_rdn (dn, new_rdn, delete_old_rdn, new_superior, options={})
> modify_rdn_entry (dn, new_rdn, delete_old_rdn, new_superior, options={})
>
> Something like this...??
>
> user = User.find("USERA")
> user.modify_rdn("CN=USERA,OU=OLDOU", "CN=USERA", true, "OU=NEWOU", {})
> user.save
>
> However... modify_rdn gives me...
> "undefined method `modify_rdn' for #"
>
> ...and modify_rdn_entry gives me...
> "not implemented: modify RDN with new superior"
>
> Looks like this is currently not possible with ActiveLdap....or is there another way?
>
> Thanks,
> Matt
>
> ----- Original Message -----
> From: "Richard 3 Nicholas"
> To: ruby-activeldap-discuss at rubyforge.org
> Sent: Wednesday, July 16, 2008 12:16:20 PM
> Subject: [Ruby-activeldap-discuss] I'm having fun with ActiveLdap::DistinguishedName class...
>
> I want to move an object from its current container into a sub container (ou=toBeDeleted) and this would seem to be the way to do it...
>
> modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
>
> now, I have the dn. The new rdn, would be "cn=old cn", so that isn't a problem. delete_old_rdn is true, so that isn't a problem. The issue is new_superior. I need to take the cn off the front of the DN, and replace it with the new OU.
>
> I thought it would be great to make use of activeLdap's DistinguishedName handler to save me the problem of rolling my own DistinguishedName parser.
>
> ActiveLdap::DistinguishedName.parse( my_object.dn ) does just what I'd expect. I can then look at the .rdns value and use strip to get rid of the cn on the end. I can add { "ou" => "toBeDeleted" } to the start of the array, but then I can't get the resultant array of hashes back into an ActiveLdap::DistinguishedName type and from there back into a string.
>
>>> arr
> => [{"CN"=>"Computers"}, {"dc"=>"ads"}, {"dc"=>"blah"}, {"dc"=>"com"}]
>>> newdn.rdns = arr
> NoMethodError: undefined method `rdns=' for #
>         from (irb):74
>>>
>
>>> ActiveLdap::DistinguishedName.new(arr)
> => #"Computers"}, {"dc"=>"ads"}, {"dc"=>"blah"}, {"dc"=>"com"}]]>
>>> ActiveLdap::DistinguishedName.new(arr).to_s
> NoMethodError: undefined method `upcase' for {"CN"=>"Computers"}:Hash
>         from c:/ruby/lib/ruby/gems/1.8/gems/activeldap-1.0.1/lib/active_ldap/distinguished_name.rb:227:in `to_s'
>         from (irb):76:in `sort_by'
>         from c:/ruby/lib/ruby/gems/1.8/gems/activeldap-1.0.1/lib/active_ldap/distinguished_name.rb:226:in `each'
>         from c:/ruby/lib/ruby/gems/1.8/gems/activeldap-1.0.1/lib/active_ldap/distinguished_name.rb:226:in `sort_by'
>         from c:/ruby/lib/ruby/gems/1.8/gems/activeldap-1.0.1/lib/active_ldap/distinguished_name.rb:226:in `to_s'
>         from c:/ruby/lib/ruby/gems/1.8/gems/activeldap-1.0.1/lib/active_ldap/distinguished_name.rb:225:in `collect'
>         from c:/ruby/lib/ruby/gems/1.8/gems/activeldap-1.0.1/lib/active_ldap/distinguished_name.rb:225:in `to_s'
>         from (irb):76
>>>
>
> The reason that the second method fails is rdns ends up wrapped in another array. The following change would fix the problem, but the behaviour of ActiveLdap::DistinguishedName.new( ["cn","anything"] ) would change....
>
> file: distinguished_name.rb
>
> def initialize(*rdns)
>   if rdns.size == 1 and rdns[0].is_a?(Array)
>     rdns = rdns[0]
>   end
>   @rdns = rdns.collect do |rdn|
>     if rdn.is_a?(Array) and rdn.size == 2
>       {rdn[0] => rdn[1]}
>     else
>       rdn
>     end
>   end
> end
>
> Is there any really easy way to make the parser do what I want?
>
> Unless stated otherwise above:
> IBM United Kingdom Limited - Registered in England and Wales with number 741598.
> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
>
> _______________________________________________
> Ruby-activeldap-discuss mailing list
> Ruby-activeldap-discuss at rubyforge.org
> http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss

From kou at cozmixng.org Sun May 30 06:42:43 2010
From: kou at cozmixng.org (Kouhei Sutou)
Date: Sun, 30 May 2010 19:42:43 +0900 (JST)
Subject: [activeldap-discuss] Groups are created in the wrong location
In-Reply-To: <70768225.849901262962613535.JavaMail.root@zcs10.wiu.edu>
References: <329162188.849201262962514256.JavaMail.root@zcs10.wiu.edu>
        <70768225.849901262962613535.JavaMail.root@zcs10.wiu.edu>
Message-ID: <20100530.194243.1635944452167947711.kou@cozmixng.org>

Hi,

In <70768225.849901262962613535.JavaMail.root at zcs10.wiu.edu>
  "Re: [activeldap-discuss] Groups are created in the wrong location" on Fri, 8 Jan 2010 08:56:53 -0600 (CST),
  MR-Mencel at wiu.edu wrote:

> Yes....looks like I can override ldap_mapping in the method....as this example works...
>
> class AdGroup < AdBase
>   ldap_mapping :dn_attribute => "cn",
>                :prefix => "ou=wiu",
>                :classes => ['top','group']
>   has_many :members, :class_name => "AdUser", :wrap => "member", :primary_key => 'distinguishedName'
>
>   def self.add_course_group(starnum)
>     ldap_mapping :dn_attribute => "cn",
>                  :prefix => "OU=CLASSES,OU=STUDENTS,ou=wiu",
>                  :classes => ['top','group']
>     group = AdGroup.new(starnum)
>     group.dn = "cn=#{starnum},OU=CLASSES,OU=STUDENTS,ou=wiu,dc=ad,dc=wiu,dc=edu"
>     group.cn = starnum
>     group.distinguishedName = "CN=#{starnum},OU=CLASSES,OU=STUDENTS,OU=WIU,DC=ad,DC=wiu,DC=edu"
>     group.name = starnum
>     group.objectCategory = "CN=Group,CN=Schema,CN=Configuration,DC=ad,DC=wiu,DC=edu"
>     group.groupType = "-2147483646"
>     group.add_class('group')
>     group.sAMAccountName = starnum
>     unless group.save
>       puts "save failed"
>       puts group.errors.full_messages
>       exit 1
>     end
>     return group
>   end
>
> If there is an easier or better way....let me know.

What about this?

  class AdGroup < AdBase
    ldap_mapping :dn_attribute => "cn",
                 :prefix => "ou=wiu",
                 :classes => ['top','group']
    has_many :members, :class_name => "AdUser", :wrap => "member", :primary_key => 'distinguishedName'

    def self.add_course_group(starnum)
      group = new(starnum)
      group.dn = "cn=#{starnum},OU=CLASSES,OU=STUDENTS"
      group.name = starnum
      group.objectCategory = "CN=Group,CN=Schema,CN=Configuration,DC=ad,DC=wiu,DC=edu"
      group.groupType = "-2147483646"
      group.add_class('group')
      group.sAMAccountName = starnum
      unless group.save
        puts "save failed"
        puts group.errors.full_messages
        exit 1
      end
      return group
    end
  end

Thanks,
--
kou

> ----- Original Message -----
> From: "Matt Mencel"
> To: ruby-activeldap-discuss at rubyforge.org
> Sent: Friday, January 8, 2010 8:15:22 AM GMT -06:00 US/Canada Central
> Subject: Re: [activeldap-discuss] Groups are created in the wrong location
>
> This is going to be a bigger problem when I start to create users as they are all over the place in our directory. Can I override ldap_mapping at the moment that I save a group or user object?
>
> Matt
>
> ----- Original Message -----
> From: "Matt Mencel"
> To: ruby-activeldap-discuss at rubyforge.org
> Sent: Thursday, January 7, 2010 11:14:37 PM GMT -06:00 US/Canada Central
> Subject: [activeldap-discuss] Groups are created in the wrong location
>
> Hi,
>
> I've got a code snippet below. I am trying to create group objects in the following location...
>
> OU=CLASSES,OU=STUDENTS,OU=WIU,DC=AD,DC=WIU,DC=EDU
>
> But they are getting created here instead...
>
> OU=WIU,DC=AD,DC=WIU,DC=EDU
>
> ...not deeper in the tree where I want them. I have the prefix in my ldap_mapping set at the root OU=WIU, but I was hoping that by defining the full group.dn and group.distinguishedName when I save the group....that it would create it where I specified with the distinguishedName attribute. Apparently that is not the case. Can anyone tell me what I'm doing wrong?
>
> Thanks,
> Matt
>
> class AdGroup < AdBase
>   ldap_mapping :dn_attribute => "cn",
>                :prefix => "ou=wiu",
>                :classes => ['top','group']
>   has_many :members, :class_name => "AdUser", :wrap => "member", :primary_key => 'distinguishedName'
>
>   def self.add_course_group(starnum)
>     group = AdGroup.new(starnum)
>     group.dn = "cn=#{starnum},OU=CLASSES,OU=STUDENTS,ou=wiu,dc=ad,dc=wiu,dc=edu"
>     group.cn = starnum
>     group.distinguishedName = "CN=#{starnum},OU=CLASSES,OU=STUDENTS,OU=WIU,DC=ad,DC=wiu,DC=edu"
>     group.name = starnum
>     group.objectCategory = "CN=Group,CN=Schema,CN=Configuration,DC=ad,DC=wiu,DC=edu"
>     group.groupType = "-2147483646"
>     group.add_class('group')
>     group.sAMAccountName = starnum
>     unless group.save
>       puts "save failed"
>       puts group.errors.full_messages
>       exit 1
>     end
>     return group
>   end
>
> _______________________________________________
> ruby-activeldap-discuss mailing list
> ruby-activeldap-discuss at rubyforge.org
> http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss

From kou at cozmixng.org Sun May 30 06:47:44 2010
From: kou at cozmixng.org (Kouhei Sutou)
Date: Sun, 30 May 2010 19:47:44 +0900 (JST)
Subject: [activeldap-discuss] Retrival of UUID (entryUUID) attribute
In-Reply-To: <4B66EE09.1030200@bytemine.net>
References: <4B66EE09.1030200@bytemine.net>
Message-ID: <20100530.194744.1921610415484081906.kou@cozmixng.org>

Hi,

In <4B66EE09.1030200 at bytemine.net>
  "[activeldap-discuss] Retrival of UUID (entryUUID) attribute" on Mon, 01 Feb 2010 16:06:49 +0100,
  Daniel Rauer wrote:

> Is there an option to retrieve the uuid of an user or the guid from a
> group with activeldap? I did not find any solutions for this issue. Also
> tried to explicitly request this attribute with LdapUser.find(login,
> :attributes => ["uuid"]), does not work either.
> My motivation is to detect changes of user data in the LDAP, and because
> the uid can be changed I would like to get the uuid as a unique reference.

What about this?

  LdapUser.find(login, :attributes => ["*", "+"])

"+" means "all operational attributes".

Thanks,
--
kou

From kou at cozmixng.org Sun May 30 07:00:08 2010
From: kou at cozmixng.org (Kouhei Sutou)
Date: Sun, 30 May 2010 20:00:08 +0900 (JST)
Subject: [activeldap-discuss] Intermittent ActiveLdap::EntryNotFound errors
In-Reply-To: <7128D957-E9CF-48FB-A03D-018608EB1E52@gmail.com>
References: <7128D957-E9CF-48FB-A03D-018608EB1E52@gmail.com>
Message-ID: <20100530.200008.357364504190521024.kou@cozmixng.org>

Hi,

In <7128D957-E9CF-48FB-A03D-018608EB1E52 at gmail.com>
  "[activeldap-discuss] Intermittent ActiveLdap::EntryNotFound errors" on Tue, 24 Nov 2009 13:22:28 -0500,
  Enrico Bianco wrote:

> I'm using ActiveLdap 1.0.9 in a Rails application to connect
> to an Active Directory and provide pass-through
> authentication. Sometimes, authentication randomly fails
> with an exception similar to the following:
>
> ActiveLdap::EntryNotFound (Couldn't find
> LDAPConnector::User: DN: : filter:
> ["sAMAccountName", ""]):
> activeldap (1.0.9) lib/active_ldap/operations.rb:321:in
> `find_one'
> activeldap (1.0.9) lib/active_ldap/operations.rb:296:in
> `find_from_dns'
> activeldap (1.0.9) lib/active_ldap/operations.rb:215:in
> `find'
> app/models/user.rb:12:in `ldap_entry'
>
> LDAPConnector::User is a subclass of ActiveLdap::Base that
> specifies the mapping to users in the LDAP. User is an
> ActiveRecord model that corresponds to the LDAP entries,
> storing application-specific information (such as columns
> for recording login times). User#ldap_entry looks up the
> LDAPConnector::User by searching on the User's 'login'
> attribute.
>
> The procedure for authenticating a user is to find the LDAP
> entry. Once found, a bind is attempted using the given
> password. Then, #remove_connection is called on the LDAP
> entry.
>
> (A sample of this method can be found on GitHub:
> http://github.com/enricob/authlogic_example/tree/with-activeldap)
>
> The odd part is that I can't reproduce this error on my own
> machine, in development or production environments. It only
> happens on our production machine. In case it is relevant,
> I've switched our deployment from a cluster of thins to an
> individual thin instance to an individual instance of
> Mongrel and the same error occurs.
>
> What could be causing this?

Could you try it again with the latest ActiveLdap? (1.2.1)
If it is still reproducible, please show the ActiveLdap log
messages that will be in
log/{development,production}.log. It's recommended that you
uncomment 'config.log_level = :debug' in
config/environment.rb.

Thanks,
--
kou
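
The two slapd excerpts in the "GSSAPI connection problems" message at the top of this archive differ in how far each connection got: the ldapmodify connection completes a GSSAPI bind with ssf=56, while the ActiveLDAP connection is closed after the supportedSASLMechanisms query without any BIND reaching the server. The Ruby script below is an added example, not code from the thread or from ActiveLdap; it groups slapd log lines by connection to show that difference and to flag a weak SASL security layer. The names `summarize_slapd`, `ConnSummary` and `MIN_SSF`, and the 128-bit threshold, are assumptions of the example.

```ruby
# Added example: per-connection summary of slapd log lines.
# SAMPLE_LOG is abridged from the two excerpts quoted in the first message.
SAMPLE_LOG = <<~'LOG'
  May 28 12:49:17 ldap1 slapd[1696]: conn=256254 fd=183 ACCEPT from IP=192.168.42.42:40306 (IP=0.0.0.0:389)
  May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=0 SRCH attr=supportedSASLMechanisms
  May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=1 BIND dn="" method=163
  May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=1 RESULT tag=97 err=14 text=SASL(0): successful result: security flags do not match required
  May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=3 BIND dn="" method=163
  May 28 12:49:17 ldap1 slapd[1696]: SASL [conn=256254] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
  May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=3 BIND dn="uid=user,ou=people,dc=somerealm,dc=at" mech=GSSAPI sasl_ssf=56 ssf=56
  May 28 12:49:17 ldap1 slapd[1696]: conn=256254 op=3 RESULT tag=97 err=0 text=
  May 28 12:49:17 ldap1 slapd[1696]: conn=256254 fd=183 closed
  May 28 12:38:52 ldap1 slapd[1696]: conn=256134 fd=102 ACCEPT from IP=192.168.42.42:59625 (IP=0.0.0.0:389)
  May 28 12:38:52 ldap1 slapd[1696]: conn=256134 op=0 SRCH attr=supportedSASLMechanisms
  May 28 12:38:52 ldap1 slapd[1696]: conn=256134 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
  May 28 12:38:52 ldap1 slapd[1696]: conn=256134 fd=102 closed (connection lost)
LOG

MIN_SSF = 128 # assumption of this example: layers below this are reported as weak

ConnSummary = Struct.new(:id, :peer, :probed_mechs, :bind_steps, :bind_err,
                         :mech, :ssf, :bind_dn, :errors, :close_reason) do
  # LDAP result codes on bind responses (tag=97): 0 success, 14 saslBindInProgress.
  def outcome
    return :bound if bind_err == 0
    return :no_bind_sent if bind_steps.zero?
    [nil, 14].include?(bind_err) ? :bind_incomplete : :bind_rejected
  end

  def weak_layer?
    outcome == :bound && !ssf.nil? && ssf < MIN_SSF
  end
end

def summarize_slapd(log)
  conns = Hash.new do |h, id|
    h[id] = ConnSummary.new(id, nil, false, 0, nil, nil, nil, nil, [], nil)
  end
  log.each_line do |line|
    next unless line =~ /slapd\[\d+\]: (.*)$/
    msg = $1
    # SASL library errors are logged with a different prefix than operations.
    if msg =~ /\ASASL \[conn=(\d+)\] (?:Error|Failure): (.*)/
      conns[$1.to_i].errors << $2
      next
    end
    next unless msg =~ /\Aconn=(\d+) (.*)/
    c, rest = conns[$1.to_i], $2
    case rest
    when /ACCEPT from IP=(\S+)/ then c.peer = $1
    when /SRCH attr=.*\bsupportedSASLMechanisms\b/ then c.probed_mechs = true
    when /BIND dn="[^"]*" method=\d+/ then c.bind_steps += 1 # one per bind request
    when /BIND dn="([^"]*)" mech=(\S+)(?: sasl_ssf=\d+)? ssf=(\d+)/
      c.bind_dn, c.mech, c.ssf = $1, $2, $3.to_i
    when /RESULT tag=97 err=(\d+)/ then c.bind_err = $1.to_i
    when /\bclosed(?: \((.+)\))?\z/ then c.close_reason = $1 || "normal"
    end
  end
  conns
end

if __FILE__ == $PROGRAM_NAME
  summarize_slapd(SAMPLE_LOG).each_value do |c|
    puts "conn=#{c.id} peer=#{c.peer} outcome=#{c.outcome} mech=#{c.mech.inspect} " \
         "ssf=#{c.ssf.inspect} weak=#{c.weak_layer?} close=#{c.close_reason}"
  end
end
```

An outcome of `no_bind_sent` means the server never received a bind request on that connection, so the server's bind logging has nothing further to show for it.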