explicit vs implicit attributes names
michael at stroeder.com
Wed Feb 18 18:04:37 CET 2004
Jerome Alet wrote:
> I'd want to retrieve complete LDAP entries from my server,
> including createTimestamp and modifyTimestamp (where available)
These are so-called operational attributes.
> But if I pass None as the attributes to retrieve, I only
> receive attributes which I've created myself, not "server"'s
> attributes like the two mentionned above.
This is not really a python-ldap issue.
> I have to explicitely pass all attributes names + "createTimestamp"
> and al, and I find this completely inconvenient.
Maybe ['*',"createTimestamp"] helps.
> Is there a simple solution to not have to explicitely name all
> attributes ?
OpenLDAP supports draft-zeilenga-ldap-opattrs which enable you to request
all operational attributes with ['+']. All user and operational attributes
can be retrieved from an OpenLDAP server with ['*','+']. This does not work
for other LDAP servers which do not support draft-zeilenga-ldap-opattrs.
Furthermore expect all weird things to happen with various LDAP server
products. E.g. Domino/LDAP does not process ['*'] properly. Not sure whether
they fixed it during the last year...
More information about the python-ldap