google-code-export / ruby-activeldap

Automatically exported from code.google.com/p/ruby-activeldap

Setting operational attributes not yet defined for entry #54

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
In this example I use the Password policy overlay (http://linux.die.net/man/5/slapo-ppolicy).
Other references:
* http://www.zytrax.com/books/ldap/ch6/ppolicy.html#operationalattributes
* http://www.zytrax.com/books/ldap/ape/ppolicy.html

The idea is that a user can belong to a default policy group, let's call it 
cn=default,ou=policies,dc=local .

Specific users can be assigned to a different policy by setting their 
pwdPolicySubentry to a policy DN with something like:

# point the users entry to the specific policy
dn: cn=John Smith,ou=people,dc=example,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: "cn=user,ou=pwpolicies,dc=example,dc=com"

The issue is that when a user does not have such a field (any operational field, 
actually), there is no way I have found so far to set it up.

What steps will reproduce the problem?
1. Get a user's full attributes: u = User.find('foo', :attributes => ['*','+'])
2. Set pwdAccountLockedTime to '00000101000000Z':
>> u.pwd_account_locked_time?
NoMethodError: undefined method `pwd_account_locked_time?' for #<User:0xb71dce34>
    from /path/to/localgems/gems/activeldap-1.2.2/lib/active_ldap/base.rb:861:in `method_missing'
>> u.pwd_account_locked_time = '00000101000000Z'
NoMethodError: undefined method `pwd_account_locked_time=' for #<User:0xb71dce34>
    from /path/to/localgems/gems/activeldap-1.2.2/lib/active_ldap/base.rb:861:in `method_missing'

What is the expected output? What do you see instead?
The expected outcome is to set the pwdAccountLockedTime attribute for this 
user entry.

What version of the product are you using? On what operating system?
1.2.2 on Debian Lenny with ruby 1.8.7 (2008-08-11 patchlevel 72) [i486-linux]

Please provide any additional information below.

In my setup, some users already have the pwdAccountLockedTime entry set up, 
and I can work around this issue by first running:
>> User.find(:all, :attributes => ['*','+'])
>> u = User.find('foo', :attributes => ['*','+'])
>> u.pwd_account_locked_time
=> nil
>> u.pwd_account_locked_time?
=> false
>> u.pwd_account_locked_time = '00000101000000Z'
=> "00000101000000Z"

So, to me, it looks like once the attribute got into the cache table for one of 
the users, then it can be used for others.

I tried to look at the source of activeldap and feel that the issue could be 
tackled in base.rb within method_missing.
Unfortunately, I am no Ruby expert and my attempts all failed.

Also, maybe another place where these methods could be defined would be in 
def methods
where on top of adding methods for attributes in the entry, a method for 
attributes with @directory_operation=true and @read_only=false

Original issue reported on code.google.com by chan...@gmail.com on 30 Sep 2010 at 3:01
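
The proposal in the report above, modelled as a stand-alone Ruby example added here (it is not ActiveLdap's code and not part of the original report): accessors are defined for attributes the schema marks `USAGE directoryOperation` without `NO-USER-MODIFICATION`, even when the fetched entry does not carry them. `AttributeType`, `Entry`, `parse_attribute_type`, `underscore` and the sample schema with placeholder OIDs are assumptions made for illustration.

```ruby
# Constructed sample: attribute-type definitions in RFC 4512 syntax.
# The OIDs are placeholders, not the real registered ones.
SAMPLE_SCHEMA = [
  "( 1.1.1 NAME 'pwdAccountLockedTime' SINGLE-VALUE USAGE directoryOperation )",
  "( 1.1.2 NAME 'pwdPolicySubentry' SINGLE-VALUE USAGE directoryOperation )",
  "( 1.1.3 NAME 'createTimestamp' SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
  "( 1.1.4 NAME ( 'cn' 'commonName' ) SUP name )"
].freeze

# Hypothetical stand-in for a schema attribute object.
AttributeType = Struct.new(:names, :usage, :read_only) do
  # Mirrors the report's condition: directory_operation=true and read_only=false.
  def settable_operational?
    usage == "directoryOperation" && !read_only
  end
end

def parse_attribute_type(definition)
  names = if definition =~ /NAME\s+\(([^)]*)\)/        # NAME ( 'a' 'b' )
            $1.scan(/'([^']+)'/).flatten
          else                                         # NAME 'a'
            definition.scan(/NAME\s+'([^']+)'/).flatten
          end
  usage = definition[/USAGE\s+(\w+)/, 1] || "userApplications"
  AttributeType.new(names, usage, definition.match?(/\sNO-USER-MODIFICATION\s/))
end

# pwdAccountLockedTime -> pwd_account_locked_time
def underscore(name)
  name.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
end

# Hypothetical entry wrapper: accessors exist only for "known" attribute names.
class Entry
  attr_reader :values

  def initialize(fetched, schema, include_operational:)
    @values = fetched.dup
    known = fetched.keys                               # reported behaviour
    known |= schema.select(&:settable_operational?).flat_map(&:names) if include_operational
    known.each { |name| define_accessors(name) }
  end

  private

  def define_accessors(name)
    reader = underscore(name)
    define_singleton_method(reader) { @values[name] }
    define_singleton_method("#{reader}?") { !@values[name].nil? }
    define_singleton_method("#{reader}=") { |value| @values[name] = value }
  end
end
```

Attributes flagged `NO-USER-MODIFICATION`, such as `createTimestamp`, get no setter in this model, since the directory server rejects client writes to them.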