I’ve a problem and I don’t know if it is solvable with activeLDAP. Here
is an example of the tree structure of our LDAP server. The structure
isn’t exactly like that, but is similare and I can already access almost
any informations of a user when I’m logging as this user. The probleme
come when using the belong_to, has_many and ldap_mapping has you will
see in the rest of this message.
I have 2 corresponding classes
#this class of LdapUser work as long as the user is found directly under
class LdapUser < ActiveLDAP::Base
ldap_mapping :dnattr => 'cn' , :prefix => 'ou=labo01,ou=users',
:classes => [‘top’,‘hostObject’, ‘person’, ‘shadowAccount’,
has_many :groups, :class_name => 'Groups', :foreign_key => 'memberUid', :local_key => 'cn'
#this class of Groups work as long as the group is found directly under
class Groups < ActiveLDAP::Base
ldap_mapping :dnattr => 'cn' , :prefix => 'ou=groups', :classes =>
has_many :ldapusers, :class_name => 'LdapUser', :local_key => 'memberUid' , :foreign_key => 'cn'
A group can have 0 to N users and a users can be in 0 to N groups.
Everything under “groups” is a group with a variable “memberUid” that
reference a user under “users”. This way, as an example, user03 can be
in group03 and subgroup01 and group03 may have user01, user03 and user05
in it. If I ask ruby-activeldap about the groups where the user01 is, it
will answer only group03, ignoring the fact that subgroup01 is also a
group. The other way arround, if I ask the members of a groupe like
group03, I will only get user01.
The problem is that I would need a kind of wildcard in the ldap_mapping
call to set the prefix. To define a group I would write something like
ldap_mapping :dnattr => ‘cn’, :prefix => ‘*,ou=groups’ where * could be
because I know that everything under ou=groups is a group and for the
ldap_mapping :dnattr => ‘cn’, :prefix => ‘*,ou=users’ where * could be
because I know that everything under ou=users is a user.
I know I could write every user under “ou=users”, but I have a pretty
large amount of user on this ldap server and also a large amount of
groups. So putting everything under a same root isn’t really an option.
Is having a wildcard in a ldap_mapping possible? If so, how? If not, How
could I solve my problem?
Thanks for your help,