Implementation of LDAPControls

Ingo Steuwer steuwer at
Mon Jan 3 11:00:29 CET 2005

Am Mo, den 20.12.2004 schrieb Michael Ströder um 10:01:
> Ingo Steuwer wrote:
> > 
> > To fulfill our upcomming goals we need to use LDAPControls, but the
> > latest released version of python-ldap doesn't support them. 
> Yes, you'll find a hint in file TODO.
> > We did some experimental implementations in the C-backend (for "proof of
> > concept") and would now like to define a general approach. This should
> > be done in coordination with you to see our work in upcoming versions of
> > python-ldap.
> Since I'm not a C programmer (David wrote the C code) I'd be really glad 
> if someone would jump on in and contribute code for LDAP controls and 
> extended operations.
> I already tried to wrap the arguments whereever appropriate. Please 
> review this.
> > My attempt would defining a python-class LDAPControl (containing OID,
> > iscritcal and value (dictionary)) and implement a correspondig wrapper
> > to *LDAPControl.
> But value can be a complex ASN.1 structure as well.
> > I think the most diffcult part will be the
> > representation of berval/berelement in python.
> Yes.
> > - is there somebody else implementing this (I didn't look at the cvs) ?
> No. And I'm currently rather short on time. I'd highly appreciate your 
> contributions. But note that you should give away copyright for your 
> contributed code. Make sure that your legal department agrees on that.

Sorry for my late answer. It's Ok.

> > - are there already thoughts, definitions or an approach I should know ?
> There are several approaches.
> 1. Python classes for controls with a method berencode(). This method 
> would be called before passing the controls as argument to the functions 
> in _ldap. This would be the most flexible approach and independent of 
> the underlying OpenLDAP API. Drawbacks are that you need a BER module 
> for this and it's much work for complex controls.
> 1.a Wrap libber.
> 1.b Implement a pure Python BER module. Maybe we could get one from a 
> SNMP implementation implemented in Python?

I'd prefer this way, as mentioned by Hans there are already
implementations. In our first attempt we will not include but prepare
for them.

Ingo Steuwer

> 2. We could also wrap the helper functions in libldap (see controls.c, 
> vlvctrl.c, sortctrl.c). But this would add another strong dependency on 
> the OpenLDAP libs.
> > - do you know about wrappers between berval/berelement and python ?
> No. You could try to wrap OpenLDAP's libber.
> Ciao, Michael.
Ingo Steuwer       steuwer at         fon: +49 421 22 232- 0
Entwicklung        Linux for Your Business       
Univention GmbH     fax: +49 421 22 232-99

More information about the python-ldap mailing list