I am trying to create a (single) LDAP filter that will find users with various attributes (status, create date, etc) who are also members of a particular group. Normally the answer would be to filter on the "memberOf" attribute -- but unfortunately users in our directory do not have this attribute -- instead of members referring to their groups, only groups refer to their members (using uniqueMember).
I read in Mr. Tendys' comment in another question that there is an overlay that will add memberOf to users in such cases. For whatever reason, this was not done in our case, and recreating the directory, as Mr. Tendys says is necessary to create the attribute for existing users, is a non-starter.
Currently we can search for the group separately from the other attributes like this:
Group:
BaseDN: ou=groups,dc=mycompany,dc=com
Query: (&(objectClass=groupofuniquenames)(description=My Funky Group))
(And then pull the uniqueMember attributes)
Other attributes:
BaseDN: dc=mycompany,dc=com
Query: (&(objectClass=person)(myCreateDate>=2010-10-27T10:49:42-04:00)(myUserType=E))
Relationally, my instinct is to join the uniqueMember attribute of the group to the DNs we get from the other attribute filter, but my investigation has not shown that this is possible in LDAP.
Admittedly, I am not an LDAP expert. I am much more experienced in the relational database would, but I have been nipping around the edges of LDAP for some time now. All of which is to say that I know some things, but there may be fundamentals I am missing.
How do I "join" these two filters, so I don't have to coalate the responses outside of my directory (a Java web service, for what its worth).
There are no joins in LDAP (unless there is something I haven't discovered yet!) You have to search the group members and check their attributes individually, or enumerate the users with matching attributes and check their group memberships, whichever makes more sense performance wise.
Related
We have a users table. Users have many listings.
We'd like to shard the association model Listing such that all users stay on database "master" shard. Users will get a shard_id column and listings will be split into different databases "shard1", "shard2".
We can augment our code to access the listings on the correct shard using the using method:
Listing.where(user: current_user).using(current_user.shard_id)
However that is a big code change. Ideally we want to just keep using our existing association statements like this:
current_user.listings
And have it automatically use current_user.shard_id beneath the hood.
Any suggestions for doing this?
According to the documentation, current_user.listings should work out of the box.
Octopus also handles associations. When you try to get a object that is associated to another object, you could use normal ActiveRecord syntax to get the objects
https://github.com/thiagopradi/octopus/wiki/How-Octopus-Works
I'm looking for some guidance on how to implement what I am referring to as "virtual associations" into my model in rails.
I'll preface this with the disclaimer that I have considered going down the real associations path (HABTM) but as far as I can see this would conflict with concepts that I already have implemented.
I currently have a Project model which can be associated with User objects via roles.
As an example, a Project may have many site_managers, construction_managers and project_managers.
A site_manager can also be a project_manager for the same or different projects (rules out single table inheritance).
With the Rolify gem this is fairly straightforward to implement. I can assign any of the roles above to a particular user in a s pecific project with sample_user.add_role(:site_manager, sample_project).
One of my goals is to be able to create a form where I can setup a new project, and assign users to roles from using a multi-select list. So as an example, my form would have the following input to assign selected users as site manager for the new project:
= f.input :site_managers, collection: User.all, input_html: { multiple: true } (Formtastic DSL)
This is where things get slightly complicated. I have managed to implement a custom getter/setter for the site_maanagers attribute where I can take a hash of user_ids passed by the form and fetch/update the appropriate records as needed.
However this implementation is far from being similar to that of a real association, where I could do things like adding a single user to the site_managers with sample_project.site_managers << sample_user.
At the moment I am also unable to set the array of site_managers using user instances. My custom setter only takes user_ids as the argument which is a bit cumbersome and not very intuitive when used outside of a form submission implementation. I can easily work around this by checking types inside the setter method but it feel hackery and not very Rails like.
I've tried ditching the whole custom getter/setter and going with a HABTM implementation that uses a join table to manage all these records but I am concerned that this won't scale well if/when we need to add more roles to the project (each role adds an extra column to the join table). It also ends up feeling like I am duplicating functionality/concepts that are already offered with Rolify so in some places I am checking for roles in a join table and in using Rolify in others (i.e. if a user is an admin or has access to a certain resource).
Is there something else I may have overlooked or this the only way of getting this done?
Thanks and I look forward to hearing some of your opinions.
Rog
I am working on a rails application and i have 3 different user types. These users are potentially very different, so i created models for each of them. Now, they should be able to login thru a single form. So basically i want to say something like 'find_by_email("some_email")', but search over all three tables. It seems, though, that Rails expect you to call 'find_by' with a specific model, like Admin.find_by(). Any suggestions?
Try something like this and assuming that that the email is unique across all the tables
[Model1, Model2, Model3].each do |model|
break if model.find_by_email("email#email.com").present?
end
Hopefully this is early in your development, but the current structure may not be the best possible route. How many different columns are NOT shared by each of the user types? You may want to use a "user role" system, and have that simply be an extra column on your user table.
Than, you can use something like CanCan to manage those roles and what/where they may access.
I'm creating an application consisting of a bunch of entries. These entries are going to have a bunch of fields (e.g. category, name, description etc.) and be of a certain type (category). So the user would first create a category with a title and description and then define what other fields an entry in that category can and should have.
Example:
Create category, title => 'Books', description => 'A description'. Defining extra fields, author (required), image (not required).
Create entry, when choosing category => 'Books' the form is regenerated and the fields for author and image are shown with validation defined in the category.
I hope somebody understands..
I was talking to a friend about this who recommended going for MongoDB in order to implement this, now I have an app installed with Mongoid and everything works just fine.
The question is, how would I implement this in the best way, making it as flexible as possible?
it's hard to answer to your because it is quite vague… here is what I can say about MongoDB:
MongoDB is already as flexible as possible (that is even its problem actually).
The problem is more likely to sometime restricts its flexibility i.e. check access rights, check that your jSON you are storing is in the right scheme and so on.
If your db is not too huge and you do not want to bother with many collections, you can store all your Books items (documents) (or even a document containing lists) into the same collection.
I am attempting to add in a form field that should allow me to add a record into a join table. The table name contains the ids of the following:
log_id
node_id
So naturally, my models is setup as follows:
class Log
has_and_belongs_to_many :nodes
end
class Node
has_and_belongs_to_many :nodes
end
The objective is that when I create a log, I should be able to associate it with an number of nodes (ergo, servers). And since there is a lot of nodes on hand, it seems to make sense to have a textfield where when you enter a node name, it will pop-up a list of nodes to choose from. However, I am having some difficulty getting that accomplished.
I know how to use the autocomplete plugin, (that had came with Rails), but it seems to only accept a string and not with the id - and apparently not across models. I know how to do an AJAX search (though I am not that familiar with Javascript), but again, getting that ID becomes an issue.
I think that in either case, I may be able to figure how to get that value and put that in - the uncertainty is whether one or the other is the correct approach to getting that value. Which one should I concentrate on? Or is HABTM even appropriate in this?