retrieving multi-valued DN attributes using ActiveLdap - ruby

Some users in my LDAP Directory have several uids assigned as such:
dn: uid=user1,ou=People,o=org
uid: user1
uid: nick1
dn: uid=user2,ou=People,o=org
uid: user2
uid: nick2
While trying to get uid for these users using ActiveLdap (like User.uid) I only get the first uid attr as it is DN attribute.
Is it possible with ActiveLdap to get both of them?

i just ran into this a couple weeks ago:
Query all the users in a system with LDAP
It is not an ActiveLDAP issue per say.
Here is the thing, and I will hopefully save you some time. with your ldap schema, as is, what you have is a unique dn for every user. So, in effect, if you have 100,000 users, you have 100,000 folders, each identified at the top level as unique by id. if your schema was setup like this:
dn: category=active,ou=People,o=org
uid: uid1
uid: nick1
then you could query all the active users for overlapping uid because the filter would filter down to active users and select from that the users with uid attributes of x.
As it is, you can only get at the top level dn, so each filter will filter one user, so its useless. What I did is actually query my flatfile backup of the ldap database and extracted information that way. i used basic ruby and just split records on newlines, and made a big array, if I remember correctly. We had about 130,000 records and was able to get my query in about 2 seconds from the flat file.

Related

best practice for very simple relation on a nosql table

I am using a dynamoDB table with GraphQL api to store posts. I want a user to be able to mark certain posts as favorites.
I have thought to create a relation table of user to post, but I also thought to just add an array of userId's to the post object with all the userIds of users who have made that post a favorite.
My understanding is a UUID is 16 bytes so even if say 10,000 users favorite the object then that array will be 160kb. Not insignificant but manageable to pass that much data with the object each time it is loaded.
Just wondering what is the best practice for this scenario. I'm pretty new to nosql.
With dynamoDB you have to think about access patterns first:
To get the favorite posts of a user, store a postsIds array in the user table
To get the users who like a post, store a likerIds array in the post table
To get a bidirectional link, do both of the above
Please also keep in mind that:
You can select fields when getting a document (only select the fields you are interested in)
I don't see a scenario where you would load 10k usernames and display them
The above solution looks pretty good for common scenarios.
More advanced solution:
There could be a more powerful way to do that using range keys. For instance:
Hash Key: postID
range key: likerID
title
...
post1
MyFancyPost
post1
user1
post1
user2
This structures is more powerful, and could store a lot of connections without having any "big" field in the post model.
you could easily paginate, and count the list of likers
can handle many more likers for only one post

how to check whether any user exists as part of GROUP-FILTER in ldap

Say, I want to retrieve some users and I have provided both user_filter & group_filter to filter out the specific users that I need.
user_filter = (&(cn=ab*)(sn=cd*))
group_filter = (|(cn=gh*)(cn=kl*))
I know how to write individual queries for user & group. How can I combine the above filters to write a single query such that I get the users whose common name starts with 'ab' and surname starts with 'cd' and they either belong to groups which start with 'gh' or 'kl'?
It depends how you have membership defined. If you have membership on the groups, eg. group1 has member attribute for user1, this combined query is not possible. If you have groups defined on the user, eg. user1 has memberOf attribute for group1, then you may do something like
(&(objectclass=user)(cn=ab*)(sn=cd*)(|(memberof=cn=gh*)(memberof=cn=kl*)))

Search/retrieve by a large OR query clause with Solr or Elasticsearch

I have a search database of car models: "Nissan Gtr", "Huynday Elantra", "Honda Accord", etc...
Now I also have a user list and the types of cars they like
user1 likes: carId:1234, carId:5678 etc...
Given user 1 I would like to return all the cars he likes, it can be 0 to even hundreads.
What the best way to model this in Solr or potentially another "nosql" system that can help with this problem.
I'm using Solr but I have the opportunity to use another system if I can and if it makes sense.
EDIT:
Solr solution is to slow for Join (Maybe we can try nested). And the current MySQL solution which uses join tables has over 2 billion rows.
so, you just want to store a mapping between User->Cars, and retrieve the cars based on the user...sounds very simple:
Your docs are Users: contain id (indexed), etc fields
one of the field is 'carsliked', multivalued, which contains the set of car ids he likes
you have details about each care in a different collection for example.
given a user id, you retrieve the 'carsliked' field, and get the car details with a cross collection join
You could also use nested object to store each liked car (with all the info about it) inside each user, but is a bit more complex. As a plus, you don't need the join on the query.
Solr would allow you many more things, for example, given a car, which users do like it? Elasticsearch will work exactly the same way (and probably many other tools, given how simple your use case seems).

Restrict a user to a set of documents in elasticsearch

I have an index with many documents. In my app, a login happens under a username. For a user only a group of data should be visible, that is I want to restrict each user to a set of documents. Can somebody offer a solution of how to implement this using elasticsearch?.
Suppose my index contain the follwing documents
record1
record2
record3
record4
And I have say 2 users, user1 and user2
When the user1 is logged in, he should have access to "record1","record2" and "record3". Where for user2 , the access should only be to "record4".
Probably you can add one more column to the index where in you can persist the intended user for the record and while querying the index you can check if the logged in user in among the users specified in the column.
I would advise you to use a index aliases.
Index aliases has the capability to add filter to them.
So create 2 aliases , one for each user.
Now for each alias , create a filter which restricts the user to his own set of documents. ( Just use a document ID search )
Restrict these users to use only these aliases using a proxy.
That should do the trick

Solr order by field not in document

Just wondering if what I want to do is possible with Solr:
I have a Solr index of 'Users' [id, name, join_date] and on my site and I have a page /users which has a Solr query that lists all of the users in the index in alphabetical order.
On my site users can 'follow' other users. I have added another page /followers which first gets all the user_ids which are 'following' the logged in user from MySQL - then uses these IDs to query Solr to only return users which the current user is following.
This all works fine.
But the problem is, I'd like to be able to order the users returned on /followers in order of when they first started following the logged in user - I keep this information in a join table in MySQL. But my Solr documents don't contain this date - as obviously one user can have many followers and vise versa. Also I can't just use MySQL to server this page as I need to keep it Solr query-able.
Would love some insight into this - it's been bugging me for a while now.
you can do that with ExternalField but you need to export your info from the db to a text file (and keep it updated etc).
This guy here discusses a way to do it without ExternalField, but requires customizing Sorl code.

Resources