In this example I use Password policy overlay (http://linux.die.net/man/5/slapo-ppolicy).
Other references:
* http://www.zytrax.com/books/ldap/ch6/ppolicy.html#operationalattributes
* http://www.zytrax.com/books/ldap/ape/ppolicy.html
The idea is that a user can belong to a default policy group, let's call it
cn=default,ou=policies,dc=local.
Specific users can be assigned to a different policy by setting their
pwdPolicySubentry to a policy DN with something like:
# point the user's entry to the specific policy
# (LDIF values are not quoted; quotes would become part of the DN)
dn: cn=John Smith,ou=people,dc=example,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=user,ou=pwpolicies,dc=example,dc=com
The issue is that when a user does not have such a field (any operational field,
actually), there is no way I have found so far to set it up.
What steps will reproduce the problem?
1. Get a user full attributes : u = User.find('foo', :attributes => ['*','+'])
2. Set pwdAccountLockedTime to '00000101000000Z' :
>> u.pwd_account_locked_time?
NoMethodError: undefined method `pwd_account_locked_time?' for
#<User:0xb71dce34>
from /path/to/localgems/gems/activeldap-1.2.2/lib/active_ldap/base.rb:861:in `method_missing'
>> u.pwd_account_locked_time = '00000101000000Z'
NoMethodError: undefined method `pwd_account_locked_time=' for
#<User:0xb71dce34>
from /path/to/localgems/gems/activeldap-1.2.2/lib/active_ldap/base.rb:861:in `method_missing'
What is the expected output? What do you see instead?
Expected output/outcome will be to set attribute pwdAccountLockedTime for this
user entry.
What version of the product are you using? On what operating system?
1.2.2 on Debian Lenny with ruby 1.8.7 (2008-08-11 patchlevel 72) [i486-linux]
Please provide any additional information below.
In my set up, some users already have the pwdAccountLockedTime entry set up.
And I can work around this issue by first running:
>> User.find(:all, :attributes => ['*','+'])
>> u = User.find('foo', :attributes => ['*','+'])
>> u.pwd_account_locked_time
=> nil
>> u.pwd_account_locked_time?
=> false
>> u.pwd_account_locked_time = '00000101000000Z'
=> "00000101000000Z"
So, to me, it looks like once the attribute got into the cache table for one of
the users, then it can be used for others.
I tried to look at the source of activeldap and feel that the issue could be
tackled in base.rb within method_missing.
Unfortunately, I am no Ruby expert and my attempts all failed.
Also, maybe another place where these methods could be defined would be in
def methods
where on top of adding methods for attributes in the entry, a method for
attributes with @directory_operation=true and @read_only=false
Original issue reported on code.google.com by chan...@gmail.com on 30 Sep 2010 at 3:01
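Added example, not part of the original report and not ActiveLdap code: a plain-Ruby sketch of managing the ppolicy lock attribute through LDIF modify records, which works whether or not the entry already carries `pwdAccountLockedTime`. The function names and the hash-shaped `entry` are hypothetical, and it assumes `pwdLockout` is TRUE in the effective policy.

```ruby
# Lock value used in the report above (taken from the page).
PERMANENT_LOCK = '00000101000000Z'

# LDIF modify record using `replace`: the server creates the attribute when
# it is absent and overwrites it when present, so no prior read is needed.
def ldif_replace(dn, attr, value)
  # LDIF has no quoting syntax; surrounding quotes would be stored literally.
  raise ArgumentError, 'pass the bare value, without quotes' if value.match?(/\A".*"\z/)
  "dn: #{dn}\nchangetype: modify\nreplace: #{attr}\n#{attr}: #{value}\n"
end

def lock_ldif(dn)
  ldif_replace(dn, 'pwdAccountLockedTime', PERMANENT_LOCK)
end

def assign_policy_ldif(dn, policy_dn)
  ldif_replace(dn, 'pwdPolicySubentry', policy_dn)
end

# Deleting an attribute the entry does not have is rejected by the server,
# so only emit a delete when the attribute was read back with '+'.
def unlock_ldif(dn, entry)
  return nil unless entry.key?('pwdAccountLockedTime')
  "dn: #{dn}\nchangetype: modify\ndelete: pwdAccountLockedTime\n"
end

# Is the account locked right now? `entry` maps attribute names to values
# (string or array); `lockout_duration` is pwdLockoutDuration in seconds.
def locked?(entry, lockout_duration, now = Time.now.utc)
  stamp = Array(entry['pwdAccountLockedTime']).first
  return false if stamp.nil?
  # Year-0000 stamp means locked until an administrator unlocks it.
  return true if stamp.match?(/\A00000101(0000|000000)Z\z/)
  # Duration 0 or absent: the lock never expires on its own.
  return true if lockout_duration.to_i.zero?
  m = stamp.match(/\A(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)?Z\z/)
  raise ArgumentError, "unexpected timestamp: #{stamp}" unless m
  locked_at = Time.utc(*m.captures.compact.map(&:to_i))
  now < locked_at + lockout_duration.to_i
end

if __FILE__ == $0
  dn = 'cn=John Smith,ou=people,dc=example,dc=com' # DN from the page
  puts lock_ldif(dn)
  puts assign_policy_ldif(dn, 'cn=user,ou=pwpolicies,dc=example,dc=com')
end
```

The generated records can be fed to `ldapmodify` under an identity that the server's ACLs allow to write these operational attributes.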