From kou at cozmixng.org Sat Feb 2 11:31:06 2013 From: kou at cozmixng.org (Kouhei Sutou) Date: Sat, 02 Feb 2013 20:31:06 +0900 (JST) Subject: [activeldap-discuss] [Q] How to maintain multiple user/group tree. In-Reply-To: References: Message-ID: <20130202.203106.1305890868535451181.kou@cozmixng.org> Hi, In "[activeldap-discuss] [Q] How to maintain multiple user/group tree." on Wed, 30 Jan 2013 07:18:19 +0900, Hiroyuki Sato wrote: > I have the following DIT tree. > > dc=example,dc=com > ou=organization1 > ou=users > ou=groups > > ou=organization2 > ou=users > ou=groups > > > ou=users store User object > > ou=groups store Group object > > > so I would like to create User and Group object *per organization. * > > Question > > I think two solution > > 1) Can I change :base attribute dynamically? Yes. Pass :base option to find: organization1_users = User.find(:all, :base => "ou=organization1,#{User.base}") > 2) Can I set a new connection on object? Yes. > Per connection test. > > I expected this method return to 1, however not worked, Could > you please tell me why it isn't work? > irb(main):001:0> require 'rubygems' > => false > irb(main):002:0> require 'active_ldap' > => true > irb(main):003:0> > irb(main):004:0* class Group < ActiveLdap::Base > irb(main):005:1> ldap_mapping :dn_attribute => 'cn', > irb(main):006:1* :prefix => 'ou=groups', > irb(main):007:1* :classes => ['top', 'posixGroup'], > irb(main):008:1* :scope => :one > irb(main):009:1> end > => Group(not-connected) > irb(main):010:0> a = Class.new(Group) > => #(not-connected) > irb(main):011:0> a.setup_connection(:host => 'ldap.server', > :base => 'ou=organization1,dc=example,dc=com') > => nil > irb(main):012:0> a.find(:all).size > => 0 Umm... It seems good to me. Could you add the following code after "require 'active_ldap'"? require "pp" ActiveSupport::Notifications.subscribe("log_info.active_ldap") {|*args| pp args} It outputs query information. For example: ["log_info.active_ldap", 2013-02-02 20:27:43 +0900, 2013-02-02 20:27:43 +0900, "b42da1c2a3fd04d899a6", {:info=> {:base=>"dc=bench,dc=test,dc=home,dc=local", :scope=>:sub, :filter=>"(&(uid=*)(&(objectClass=person)(objectClass=posixAccount)))", :attributes=>["*", "objectClass"], :limit=>nil}, :name=>:search_with_limit}] Could you show us the output when you run "a.find(:all).size"? > 3) any alternative idea ?? I think that "User.find(..., :base => "ou=XXX,#{User.base}")" is a simple solution. (It is 1) case.) Thanks, -- kou From hiroysato at gmail.com Mon Feb 4 03:03:10 2013 From: hiroysato at gmail.com (Hiroyuki Sato) Date: Mon, 4 Feb 2013 12:03:10 +0900 Subject: [activeldap-discuss] [Q] How to maintain multiple user/group tree. In-Reply-To: <20130202.203106.1305890868535451181.kou@cozmixng.org> References: <20130202.203106.1305890868535451181.kou@cozmixng.org> Message-ID: Hi Thank you for your response. I'll report it later. please wait. 2013/2/2 Kouhei Sutou : > Hi, > > In > "[activeldap-discuss] [Q] How to maintain multiple user/group tree." on Wed, 30 Jan 2013 07:18:19 +0900, > Hiroyuki Sato wrote: > >> I have the following DIT tree. >> >> dc=example,dc=com >> ou=organization1 >> ou=users >> ou=groups >> >> ou=organization2 >> ou=users >> ou=groups >> >> >> ou=users store User object >> >> ou=groups store Group object >> >> >> so I would like to create User and Group object *per organization. * >> >> Question >> >> I think two solution >> >> 1) Can I change :base attribute dynamically? > > Yes. > Pass :base option to find: > > organization1_users = User.find(:all, :base => "ou=organization1,#{User.base}") > >> 2) Can I set a new connection on object? > > Yes. > >> Per connection test. >> >> I expected this method return to 1, however not worked, Could >> you please tell me why it isn't work? > >> irb(main):001:0> require 'rubygems' >> => false >> irb(main):002:0> require 'active_ldap' >> => true >> irb(main):003:0> >> irb(main):004:0* class Group < ActiveLdap::Base >> irb(main):005:1> ldap_mapping :dn_attribute => 'cn', >> irb(main):006:1* :prefix => 'ou=groups', >> irb(main):007:1* :classes => ['top', 'posixGroup'], >> irb(main):008:1* :scope => :one >> irb(main):009:1> end >> => Group(not-connected) >> irb(main):010:0> a = Class.new(Group) >> => #(not-connected) >> irb(main):011:0> a.setup_connection(:host => 'ldap.server', >> :base => 'ou=organization1,dc=example,dc=com') >> => nil >> irb(main):012:0> a.find(:all).size >> => 0 > > Umm... It seems good to me. > Could you add the following code after "require 'active_ldap'"? > > require "pp" > ActiveSupport::Notifications.subscribe("log_info.active_ldap") {|*args| pp args} > > It outputs query information. For example: > > ["log_info.active_ldap", > 2013-02-02 20:27:43 +0900, > 2013-02-02 20:27:43 +0900, > "b42da1c2a3fd04d899a6", > {:info=> > {:base=>"dc=bench,dc=test,dc=home,dc=local", > :scope=>:sub, > :filter=>"(&(uid=*)(&(objectClass=person)(objectClass=posixAccount)))", > :attributes=>["*", "objectClass"], > :limit=>nil}, > :name=>:search_with_limit}] > > Could you show us the output when you run "a.find(:all).size"? > >> 3) any alternative idea ?? > > I think that "User.find(..., :base => > "ou=XXX,#{User.base}")" is a simple solution. (It is 1) case.) > > > Thanks, > -- > kou > _______________________________________________ > ruby-activeldap-discuss mailing list > ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss -- Hiroyuki Sato From hiroysato at gmail.com Wed Feb 6 06:49:43 2013 From: hiroysato at gmail.com (Hiroyuki Sato) Date: Wed, 6 Feb 2013 15:49:43 +0900 Subject: [activeldap-discuss] [Q] How to maintain multiple user/group tree. In-Reply-To: References: <20130202.203106.1305890868535451181.kou@cozmixng.org> Message-ID: Hello Thank you for waiting. This is debug log . Summary ======= Case A: ------- use obj = Class.new ; obj.find prefix: ou=groups basedn: ou=company1,dc=example,dc=com => result {:info=> {:base=>"ou=company1.com,dc=example,dc=com", :scope=>:one, :filter=>"(&(cn=*)(&(objectClass=top)(objectClass=posixGroup)))", :attributes=>["*", "objectClass"], :limit=>nil}, :name=>:search_with_limit}] prefix missing?? ^^^^^^^^^^^^^^^^^ should be ou=groups,ou=company1.com,dc=example,dc=com?? Case B: ------- Use Group.find prefix: ou=groups basedn: ou=company1,dc=example,dc=com {:info=> {:base=>"ou=groups,ou=company1.com,dc=example,dc=com", :scope=>:one, :filter=>"(&(cn=*)(&(objectClass=top)(objectClass=posixGroup)))", :attributes=>["*", "objectClass"], :limit=>nil}, :name=>:search_with_limit}] Detail ====== Case A require 'active_ldap' require 'pp' ActiveSupport::Notifications.subscribe("log_info.active_ldap") {|*args| pp args} class Group < ActiveLdap::Base ldap_mapping :dn_attribute => 'cn', :prefix => 'ou=groups', :classes => ['top', 'posixGroup'], :scope => :one end a = Class.new(Group) a.setup_connection(:host => 'ldap.server',:base => 'ou=company1.com,dc=example,dc=com') a.find(:all).size ["log_info.active_ldap", 2013-02-06 14:55:22 +0900, 2013-02-06 14:55:22 +0900, "4d8913918609b11bdfe8", {:info=>{:uri=>"ldap://ldap.server", :with_start_tls=>false}, :name=>"connect"}] ["log_info.active_ldap", 2013-02-06 14:55:22 +0900, 2013-02-06 14:55:22 +0900, "4d8913918609b11bdfe8", {:info=>{:uri=>"ldap://ldap.server", :with_start_tls=>false}, :name=>"connect"}] ["log_info.active_ldap", 2013-02-06 14:55:22 +0900, 2013-02-06 14:55:22 +0900, "4d8913918609b11bdfe8", {:info=>{}, :name=>"bind: anonymous"}] ["log_info.active_ldap", 2013-02-06 14:55:22 +0900, 2013-02-06 14:55:22 +0900, "4d8913918609b11bdfe8", {:info=>{}, :name=>"bind: anonymous"}] ["log_info.active_ldap", 2013-02-06 14:55:22 +0900, 2013-02-06 14:55:23 +0900, "4d8913918609b11bdfe8", {:info=> {:base=>"ou=company1.com,dc=example,dc=com", :scope=>:one, :filter=>"(&(cn=*)(&(objectClass=top)(objectClass=posixGroup)))", :attributes=>["*", "objectClass"], :limit=>nil}, :name=>:search_with_limit}] ["log_info.active_ldap", 2013-02-06 14:55:22 +0900, 2013-02-06 14:55:23 +0900, "4d8913918609b11bdfe8", {:info=> {:base=>"ou=company1.com,dc=example,dc=com", :scope=>:one, :filter=>"(&(cn=*)(&(objectClass=top)(objectClass=posixGroup)))", :attributes=>["*", "objectClass"], :limit=>nil}, :name=>:search_with_limit}] => 0 Case B require 'pp' require 'active_ldap' ActiveSupport::Notifications.subscribe("log_info.active_ldap") {|*args| pp args} class Group < ActiveLdap::Base ldap_mapping :dn_attribute => 'cn', :prefix => 'ou=groups', :classes => ['top', 'posixGroup'], :scope => :one end Group.setup_connection(:host => 'ldap.server', :base => 'ou=company1.com,dc=example,dc=com') Group.find(:all).size ["log_info.active_ldap", 2013-02-06 14:54:13 +0900, 2013-02-06 14:54:13 +0900, "4d8913918609b11bdfe8", {:info=>{:uri=>"ldap://ldap.server", :with_start_tls=>false}, :name=>"connect"}] ["log_info.active_ldap", 2013-02-06 14:54:13 +0900, 2013-02-06 14:54:13 +0900, "4d8913918609b11bdfe8", {:info=>{}, :name=>"bind: anonymous"}] ["log_info.active_ldap", 2013-02-06 14:54:13 +0900, 2013-02-06 14:54:13 +0900, "4d8913918609b11bdfe8", {:info=> {:base=>"ou=groups,ou=company1.com,dc=example,dc=com", :scope=>:one, :filter=>"(&(cn=*)(&(objectClass=top)(objectClass=posixGroup)))", :attributes=>["*", "objectClass"], :limit=>nil}, :name=>:search_with_limit}] ["log_info.active_ldap", 2013-02-06 14:54:13 +0900, 2013-02-06 14:54:13 +0900, "4d8913918609b11bdfe8", {:info=> {:base=>"", :scope=>:base, :filter=>"objectClass=*", :attributes=>["subschemaSubentry"], :limit=>1}, :name=>:search_with_limit}] ["log_info.active_ldap", 2013-02-06 14:54:13 +0900, 2013-02-06 14:54:13 +0900, "4d8913918609b11bdfe8", {:info=> {:base=>"cn=Subschema", :scope=>:base, :filter=>"(objectClass=subschema)", :attributes=> ["objectClasses", "attributeTypes", "matchingRules", "matchingRuleUse", "dITStructureRules", "dITContentRules", "nameForms", "ldapSyntaxes"], :limit=>1}, :name=>:search_with_limit}] => 1 Best regards. 2013/2/4 Hiroyuki Sato : > Hi > > Thank you for your response. > I'll report it later. please wait. > > 2013/2/2 Kouhei Sutou : >> Hi, >> >> In >> "[activeldap-discuss] [Q] How to maintain multiple user/group tree." on Wed, 30 Jan 2013 07:18:19 +0900, >> Hiroyuki Sato wrote: >> >>> I have the following DIT tree. >>> >>> dc=example,dc=com >>> ou=organization1 >>> ou=users >>> ou=groups >>> >>> ou=organization2 >>> ou=users >>> ou=groups >>> >>> >>> ou=users store User object >>> >>> ou=groups store Group object >>> >>> >>> so I would like to create User and Group object *per organization. * >>> >>> Question >>> >>> I think two solution >>> >>> 1) Can I change :base attribute dynamically? >> >> Yes. >> Pass :base option to find: >> >> organization1_users = User.find(:all, :base => "ou=organization1,#{User.base}") >> >>> 2) Can I set a new connection on object? >> >> Yes. >> >>> Per connection test. >>> >>> I expected this method return to 1, however not worked, Could >>> you please tell me why it isn't work? >> >>> irb(main):001:0> require 'rubygems' >>> => false >>> irb(main):002:0> require 'active_ldap' >>> => true >>> irb(main):003:0> >>> irb(main):004:0* class Group < ActiveLdap::Base >>> irb(main):005:1> ldap_mapping :dn_attribute => 'cn', >>> irb(main):006:1* :prefix => 'ou=groups', >>> irb(main):007:1* :classes => ['top', 'posixGroup'], >>> irb(main):008:1* :scope => :one >>> irb(main):009:1> end >>> => Group(not-connected) >>> irb(main):010:0> a = Class.new(Group) >>> => #(not-connected) >>> irb(main):011:0> a.setup_connection(:host => 'ldap.server', >>> :base => 'ou=organization1,dc=example,dc=com') >>> => nil >>> irb(main):012:0> a.find(:all).size >>> => 0 >> >> Umm... It seems good to me. >> Could you add the following code after "require 'active_ldap'"? >> >> require "pp" >> ActiveSupport::Notifications.subscribe("log_info.active_ldap") {|*args| pp args} >> >> It outputs query information. For example: >> >> ["log_info.active_ldap", >> 2013-02-02 20:27:43 +0900, >> 2013-02-02 20:27:43 +0900, >> "b42da1c2a3fd04d899a6", >> {:info=> >> {:base=>"dc=bench,dc=test,dc=home,dc=local", >> :scope=>:sub, >> :filter=>"(&(uid=*)(&(objectClass=person)(objectClass=posixAccount)))", >> :attributes=>["*", "objectClass"], >> :limit=>nil}, >> :name=>:search_with_limit}] >> >> Could you show us the output when you run "a.find(:all).size"? >> >>> 3) any alternative idea ?? >> >> I think that "User.find(..., :base => >> "ou=XXX,#{User.base}")" is a simple solution. (It is 1) case.) >> >> >> Thanks, >> -- >> kou >> _______________________________________________ >> ruby-activeldap-discuss mailing list >> ruby-activeldap-discuss at rubyforge.org >> http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss > > > > -- > Hiroyuki Sato -- Hiroyuki Sato From kou at cozmixng.org Wed Feb 6 12:06:37 2013 From: kou at cozmixng.org (Kouhei Sutou) Date: Wed, 06 Feb 2013 21:06:37 +0900 (JST) Subject: [activeldap-discuss] [Q] How to maintain multiple user/group tree. In-Reply-To: References: <20130202.203106.1305890868535451181.kou@cozmixng.org>

Message-ID: <20130206.210637.1596240624437829997.kou@cozmixng.org> Hi, In "Re: [activeldap-discuss] [Q] How to maintain multiple user/group tree." on Wed, 6 Feb 2013 15:49:43 +0900, Hiroyuki Sato wrote: > Case A > a.setup_connection(:host => 'ldap.server', :base => 'ou=company1.com,dc=example,dc=com') Ah, sorry. Please add prefix to :base like 'ou=groups,ou=company1.com,dc=example,dc=com': a.setup_connection(:host => 'ldap.server', :base => 'ou=groups,ou=company1.com,dc=example,dc=com') Per object :base overrides ignores prefix. > Case B: > ------- It works well, isn't it? Thanks, -- kou From hiroysato at gmail.com Wed Feb 6 12:21:57 2013 From: hiroysato at gmail.com (Hiroyuki Sato) Date: Wed, 6 Feb 2013 21:21:57 +0900 Subject: [activeldap-discuss] [Q] How to maintain multiple user/group tree. In-Reply-To: <20130206.210637.1596240624437829997.kou@cozmixng.org> References: <20130202.203106.1305890868535451181.kou@cozmixng.org>

<20130206.210637.1596240624437829997.kou@cozmixng.org> Message-ID: Hello Sutou-san. Thank you for your response. Case A, I understand how to use it. Thanks. About Case B, Thanks, I just tell you the difference Case A and Case B. Case B works fine. Thanks again. 2013/2/6 Kouhei Sutou : > Hi, > > In > "Re: [activeldap-discuss] [Q] How to maintain multiple user/group tree." on Wed, 6 Feb 2013 15:49:43 +0900, > Hiroyuki Sato wrote: > >> Case A > >> a.setup_connection(:host => 'ldap.server', :base => 'ou=company1.com,dc=example,dc=com') > > Ah, sorry. Please add prefix to :base like > 'ou=groups,ou=company1.com,dc=example,dc=com': > > a.setup_connection(:host => 'ldap.server', :base => 'ou=groups,ou=company1.com,dc=example,dc=com') > > Per object :base overrides ignores prefix. > >> Case B: >> ------- > > It works well, isn't it? > > > Thanks, > -- > kou > _______________________________________________ > ruby-activeldap-discuss mailing list > ruby-activeldap-discuss at rubyforge.org > http://rubyforge.org/mailman/listinfo/ruby-activeldap-discuss -- Hiroyuki Sato