When we migrated to the new migration syntax, the clause 'validate_length_of :host' was wrongly translated. It contains a clause 'allow_nil' that allows it to be nil, but in Rails 3 the :presence => true clause takes precedence. If you try to run AuthSourceLdap.new(:host => nil) it will fail as it need a host (correctly). This clause has to be removed so that Rails 4 doesn't allow to create AuthSourceLdap without a host, as :allow_nil takes precedence in Rails 4.