google-code-export / ruby-activeldap

Automatically exported from code.google.com/p/ruby-activeldap

activeldap unusable after active directory schema upgrade for exchange 2010 (response too large) #57

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. create a class Node:

  class Node < ActiveLdap::Base
    ldap_mapping
  end

2. Node.find(:first, :filter => 'cn=test')

This worked for me for a long time (rails 2.3.5, ruby-ldap-0.9.9, 
activeldap-1.2.1). After an Active Directory schema upgrade for Exchange 2010 
all my programs failed.

I get an unknown error. Playing around with tcpdump I found the following 
schema request:

-b "CN=Aggregate,CN=Schema,CN=Configuration,DC=<my-domain>,DC=<top>" \
objectClass=subschema objectClasses attributeTypes matchingRules \
matchingRuleUse dITStructureRules dITContentRules nameForms ldapSyntaxes

Using ldapsearch I can perform two separate attribute searches
for 
  1: objectClasses attributeTypes matchingRules \
     matchingRuleUse dITStructureRules nameForms ldapSyntaxes
  2: dITContentRules
but not both in one request, as lib/active_ldap/adapter/base.rb does in method 
schema, line 116 and below.

With the following hack I could get the schema request working:
1. rails 2.3.8
2. activeldap > 1.2.2 from svn
3. splitting the schema request in lib/active_ldap/adapter/base.rb into two LDAP 
searches and merging the attribute hashes before creating a new schema (see 
attachment)

What version of the product are you using? On what operating system?

rails 2.3.5/2.3.8, activeldap-1.2.2/svn, ubuntu 10.10, debian lenny.
LDAP: Active Directory 2003 with schema preparations for 2008, Exchange 2007, 
Exchange 2010.

Please provide any additional information below.

I tried the hack with activeldap-1.2.1 and activeldap-1.2.2 without success 
(unknown attribute dn due to a case mismatch).

I also tried to increment the server limits with ntdsutil -> ldap policies, but 
without success.

The problem can be reproduced with 
ldapsearch -h <host> -p 3268 -D <bindDN> -W -z 0 -LLL -s base -b \
"CN=Aggregate,CN=Schema,CN=Configuration,DC=<my-domain>,DC=<tld>" \
objectClass=subschema objectClasses attributeTypes matchingRules \
matchingRuleUse dITStructureRules dITContentRules nameForms ldapSyntaxes

The problem depends on the real schema size. In our Active Directory the 
resulting schema size is about 1.5 MByte.

Original issue reported on code.google.com by swobsp...@gmail.com on 21 Nov 2010 at 11:13

Attachments:
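
The split-and-merge workaround described in the report, as an added example (it is not the reporter's attachment and not ActiveLdap code). It generalizes the fixed two-way split to halving the attribute list whenever a response is too large; `fetch_schema`, `ResponseTooLarge`, `fake_server` and the attribute sizes are hypothetical names and constructed values, and the searcher stands in for a real LDAP search.

```ruby
# Added illustration, not ActiveLdap code. `searcher` is any callable that
# takes attribute names and returns {attribute => [values]} (assumption).
SCHEMA_ATTRIBUTES = %w[
  objectClasses attributeTypes matchingRules matchingRuleUse
  dITStructureRules dITContentRules nameForms ldapSyntaxes
].freeze

class ResponseTooLarge < StandardError; end # hypothetical error type

# Ask for all attrs in one search; if the reply is too large, halve the list,
# query each half, and merge the per-request hashes into one schema hash.
def fetch_schema(attrs, searcher)
  searcher.call(attrs)
rescue ResponseTooLarge
  raise if attrs.size == 1 # one attribute alone is too large: cannot split
  halves = attrs.each_slice((attrs.size + 1) / 2).to_a
  halves.map { |half| fetch_schema(half, searcher) }
        .reduce { |merged, part| merged.merge(part) { |_k, a, b| a | b } }
end

# Constructed stand-in for the directory: a request fails when the combined
# size of the requested attributes exceeds `limit`. Sizes are made up.
CONSTRUCTED_SIZES = {
  "objectClasses" => 400_000, "attributeTypes" => 500_000,
  "matchingRules" => 1_000, "matchingRuleUse" => 1_000,
  "dITStructureRules" => 1_000, "dITContentRules" => 600_000,
  "nameForms" => 1_000, "ldapSyntaxes" => 5_000
}.freeze

def fake_server(limit, log = [])
  lambda do |attrs|
    log << attrs # record every request so the number of searches is visible
    total = attrs.sum { |a| CONSTRUCTED_SIZES.fetch(a) }
    raise ResponseTooLarge, "#{total} bytes exceeds #{limit}" if total > limit
    attrs.map { |a| [a, ["<#{CONSTRUCTED_SIZES[a]} bytes>"]] }.to_h
  end
end

if __FILE__ == $PROGRAM_NAME
  log = []
  schema = fetch_schema(SCHEMA_ATTRIBUTES, fake_server(1_000_000, log))
  puts "#{log.size} searches, #{schema.size} attributes merged"
end
```
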