Hi,
I’ve a problem and I don’t know if it is solvable with activeLDAP. Here
is an example of the tree structure of our LDAP server. The structure
isn’t exactly like that, but it is similar, and I can already access almost
any information of a user when I’m logged in as this user. The problem
comes when using the belong_to, has_many and ldap_mapping, as you will
see in the rest of this message.
-localhost
|
-groups
||
|-group01
|||
||-subgroup01
||-subgroup02
||-subgroup03
||
|-groupe02
||
|-groupe03
|
-users
||
|-labo01
|||
||-user01
||-user02
||
|-labo02
|||
||-section01
||||
|||-user03
|||-user04
|||
||-section02
||||
|||-user05
I have 2 corresponding classes:

# this class of LdapUser works as long as the user is found directly under "labo01"
class LdapUser < ActiveLDAP::Base
  ldap_mapping :dnattr => 'cn', :prefix => 'ou=labo01,ou=users',
               :classes => ['top', 'hostObject', 'person', 'shadowAccount',
                            'posixAccount', 'postfixAccount']
  has_many :groups,
           :class_name => 'Groups',
           :foreign_key => 'memberUid',
           :local_key => 'cn'
end

# this class of Groups works as long as the group is found directly under "groups"
class Groups < ActiveLDAP::Base
  ldap_mapping :dnattr => 'cn', :prefix => 'ou=groups',
               :classes => ['top', 'posixGroup']
  has_many :ldapusers,
           :class_name => 'LdapUser',
           :local_key => 'memberUid',
           :foreign_key => 'cn'
end

A group can have 0 to N users and a user can be in 0 to N groups.
Everything under “groups” is a group with a variable “memberUid” that
references a user under “users”. This way, as an example, user03 can be
in group03 and subgroup01, and group03 may have user01, user03 and user05
in it. If I ask ruby-activeldap about the groups where user01 is, it
will answer only group03, ignoring the fact that subgroup01 is also a
group. The other way around, if I ask for the members of a group like
group03, I will only get user01.
The problem is that I would need a kind of wildcard in the ldap_mapping
call to set the prefix. To define a group I would write something like
ldap_mapping :dnattr => 'cn', :prefix => '*,ou=groups'
where * could be nothing, because I know that everything under ou=groups
is a group, and for the LdapUser
ldap_mapping :dnattr => 'cn', :prefix => '*,ou=users'
where * could be nothing, because I know that everything under ou=users
is a user.
I know I could write every user under “ou=users”, but I have a pretty
large number of users on this LDAP server and also a large number of
groups. So putting everything under the same root isn’t really an option.
Is having a wildcard in an ldap_mapping possible? If so, how? If not, how
could I solve my problem?
Thanks for your help,
Marc-Alexandre Nolin