thoughts on v3 support

Michael Ströder michael at
Sun Nov 19 11:41:20 CET 2000

David Leonard wrote:
> 1) it is possible to ditch all c library support and implement ldap
> client code in 100% pure python. the problem is that this is WAY too
> much effort

I already seriously thought about this. I'm currently using a ASN.1
parser module written by Jeremy Hylton for my own X.509 certificate
library. I'm doing some patches for this to get more standard ASN.1
types into it.

This ASN.1 module could be used to implement a LDAP library. I agree
it's much effort.

> 2) alternatively, python-ldap could be 'bundled' with a 'preferred' ldapv3
> implementation. main problem here is that of choosing one preferred impl
> bearing in mind that users will find very good reasons to use other libs

As I already said: You will have difficulties to download the right
version of at least the Netscape libs (not sure about the Novell
libs). Recent Netscape version 4.x differ is various aspects like
setting options etc. that it will be difficult to support them.

> 3) of course, i think that the real answer is to get a new 'standard' api


> that the various ldapv3 libs are expected to adhere to, then concentrate
> on that (with possible support for particular library extensions. )


Concentrating on the OpenLDAP 2.0.x libs would give access to more
useful features besides LDAPv3 binding like:
- LDAP over SSL
- normalizing functions for DNs
- UTF-8 checking
- all schema stuff
- LDAP syntax checking

> i couldn't find an LDAPv3 rfc that could be used as for specifying the api.
> RFC1823 is way out of date now. on the other hand, there is the Java API
> for ldapv3...

There's no RFC yet. OpenLDAP 2.0.x implements LDAPEXT-API which is
only an Internet draft up to now. See for more

Ciao, Michael.

More information about the python-ldap mailing list