Monthly Archives: August 2016

Fedora 24 LDAP setup for Rails applications

To support the devise authentication in my application, I need to configure a local LDAP directory. The setup details of the Fedora aren’t very good, but I came across which worked a treat on my Fedora 24 install.

Used the following files for the build.

# Install using: ldapmodify -Y EXTERNAL -H ldapi:/// -f mydomain.ldif
# use slappasswd to generate SSHA passwords
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=my-domain,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=my-domain,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}lFyoikpFOrg....kIZ4lo85qK

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=my-domain,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="dc=my-domain,dc=com" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=my-domain,dc=com" write by * read


# Install using: ldapadd -x -D cn=Manager,dc=my-domain,dc=com -W -f domain.ldif
dn: dc=my-domain,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server World
dc: my-domain

dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: Group

An LDAP browser can then bind to the service using ‘cn=Manager’ and create users and other objects.
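
The olcRootPW value in the first file is an {SSHA} string of the kind slappasswd prints: base64 of SHA1(password + salt) followed by the salt. The Ruby below is an added example, not part of the original post; it builds and checks such a value, and the helper names (ssha_hash, ssha_parts, ssha_verify), the 4-byte salt and the sample passwords are assumptions made for illustration.

```ruby
require 'digest'
require 'securerandom'

# Added example; helper names and sample passwords are constructed.
SHA1_LEN = 20 # bytes in a raw SHA-1 digest

# Build an {SSHA} value: base64(SHA1(password + salt) + salt).
# The 4-byte salt is this example's choice; verification accepts any length.
def ssha_hash(password, salt = SecureRandom.random_bytes(4))
  digest = Digest::SHA1.digest(password.b + salt.b)
  '{SSHA}' + [digest + salt.b].pack('m0')
end

# Split a stored value into [digest, salt]; nil when it is not valid {SSHA}.
def ssha_parts(stored)
  match = /\A\{SSHA\}(.+)\z/i.match(stored)
  return nil unless match
  raw = match[1].unpack1('m0')           # strict base64, raises on junk
  return nil if raw.bytesize <= SHA1_LEN # digest only, no salt
  [raw.byteslice(0, SHA1_LEN), raw.byteslice(SHA1_LEN, raw.bytesize)]
rescue ArgumentError
  nil
end

# Recompute the digest with the stored salt and compare without early exit.
def ssha_verify(password, stored)
  digest, salt = ssha_parts(stored)
  return false unless digest
  candidate = Digest::SHA1.digest(password.b + salt)
  diff = 0
  candidate.bytes.zip(digest.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

if __FILE__ == $PROGRAM_NAME
  stored = ssha_hash('example-root-pw') # constructed sample password
  puts stored
  puts ssha_verify('example-root-pw', stored) # true
  puts ssha_verify('wrong-guess', stored)     # false
end
```

{SSHA} is a single round of salted SHA-1, so anyone who can read the stored value can guess passwords offline quickly; the olcAccess rule on userPassword above is what keeps it unreadable to other users.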

A Rails application can use the directory for authentication with the following in config/ldap.yml (assuming use of the devise_ldap_authenticatable gem),

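# Environment key and host are assumed (a local development directory).
development:
  host: localhost
  port: 389
  attribute: cn
  base: dc=my-domain,dc=com
  admin_user: cn=Manager,dc=my-domain,dc=com
  admin_password: the_password
  # ssl: false sends binds in clear text; only suitable for a local directory
  ssl: false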

Not really expecting this to be useful to anyone else, but it should be useful the next time I have to rebuild the laptop environment.

Copying items in Rails applications

When working with large amounts of data and with complex or detailed forms, there is often a need to bulk-add new, similar items, and trying to remember all the values to be included can be taxing, to say the least.

What would be nice is an option on the page to copy an item and be able to edit the details for the specific instance.

This is fairly simple in Rails. The example below is for the applications resource.

Create a new route in config/routes.rb

 resources :applications do
   member do
     get 'copy' => 'applications#create_from_existing'
     post 'copy' => 'applications#create_from_existing'
   end
 end

This will capture any ‘copy’ action requests and forward them to a new ‘create_from_existing’ action in the applications controller. Including GET and POST allows the use of link_to and button_to helpers in the views.

Then, create the ‘create_from_existing’ controller action,

  def create_from_existing
    @existing_app = Application.find(params[:id])
    # Create a new, unsaved object with the attributes of the existing record
    @application = @existing_app.dup
    render :new
  end

This simply creates an ActiveRecord duplicate of the item to be copied and renders it with the (already defined) ‘new’ template.

Finally, we create links to the copy action in our views using helpers like,

<%= link_to image_tag("copy-icon.png", :size => "22x17", :title => "Copy item"), copy_application_path %>
<%= link_to 'copy', copy_application_path(@application) %>
<%= button_to 'copy', copy_application_path(@application), :class => "button" %>

The only thing to watch out for when editing the copied item is that the button at the bottom of the form says ‘Create …’ rather than update; on submission the id of the item being displayed should be that of a new record.